How severe is CVE-2020-28327?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2020-28327?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2020-28327 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.

Related Vulnerabilities

CVE-2017-18898

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.

CWE-4042017

CVE-2018-8836

MEDIUM

CVSS:5.3(Medium)

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communicat...

CWE-4042018

CVE-2020-12439

MEDIUM

CVSS:5.3(Medium)

Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.

CWE-4042020

CVE-2020-27283

MEDIUM

CVSS:5.3(Medium)

An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.

CWE-4042020

CVE-2021-21003

MEDIUM

CVSS:5.3(Medium)

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the de...

CWE-4042021

CVE-2022-0396

MEDIUM

CVSS:5.3(Medium)

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE...

CWE-4042022