{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "13.0.0" }, { "last_affected": "13.38.1" }, { "introduced": "16.0.0" }, { "last_affected": "16.15.1" }, { "introduced": "17.0.0" }, { "last_affected": "17.9.1" }, { "introduced": "18.0" }, { "last_affected": "18.1.1" } ] }, "events": [ { "introduced": "85335355efb2d7914a1fe20ed31afcef15fd210c" }, { "last_affected": "3f100c22d4664012247efed391c595833a15d7ee" }, { "introduced": "a65908f83e2f17a3aca7eb39c8e06045aca02674" }, { "last_affected": "105df4b089e19c7e296d425965623f3428720cd1" }, { "introduced": "5ffe12b6ef30cd503f85d75745fd8d9c2cfafe47" }, { "last_affected": "1edb44b2a9e6d68cfccf4339044751c8830e1d14" }, { "introduced": "2c1bba3cbec008c8ce35c78a2c79f9f207ea58bc" }, { "last_affected": "fd5b3a1b6f686db27f98281ec21a9c8fb04a787c" } ], "repo": "https://github.com/asterisk/asterisk", "type": "GIT" } ] } ], "details": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.", "id": "CVE-2020-35776", "modified": "2026-04-01T23:08:03.422084751Z", "published": "2021-02-18T20:15:12.447Z", "references": [ { "type": "ADVISORY", "url": "http://seclists.org/fulldisclosure/2021/Feb/57" }, { "type": "ADVISORY", "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html" }, { "type": "REPORT", "url": "https://issues.asterisk.org/" }, { "type": "FIX", "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227" }, { "type": "FIX", "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }