Lucene search
GoogleOSV:CVE-2020-28242HistoryNov 06, 2020 - 6:15 a.m.
CVE-2020-28242
2020-11-0606:15:11
Google
osv.dev
3
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
Related
ubuntucve
ubuntucve
CVE-2020-28242
2020-11-06 00:00:00
cvelist
cvelist
CVE-2020-28242
2020-11-06 05:02:58
nvd
nvd
CVE-2020-28242
2020-11-06 06:15:11
veracode
veracode
Denial Of Service (DoS)
2022-04-04 02:40:42
prion
prion
Design/Logic Flaw
2020-11-06 06:15:00
openvas
openvas
Fedora: Security Advisory for asterisk (FEDORA-2020-6b277646c7)
2020-11-28 00:00:00
Asterisk Multiple DoS Vulnerabilities (AST-2020-001, AST-2020-002)
2020-11-06 00:00:00
Debian: Security Advisory (DLA-2969-1)
2022-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: asterisk-17.9.0-1.fc33
2020-11-28 02:04:43
cve
cve
CVE-2020-28242
2020-11-06 06:15:11
nessus
nessus
Fedora 33 : asterisk (2020-6b277646c7)
2020-11-30 00:00:00
Debian DLA-2969-1 : asterisk - LTS security update
2022-04-03 00:00:00
debiancve
debiancve
CVE-2020-28242
2020-11-06 06:15:11
osv
osv
asterisk - security update
2022-04-03 00:00:00
debian
debian
[SECURITY] [DLA 2969-1] asterisk security update
2022-04-03 05:56:53