Vulnerability Key Information Vulnerability Summary Vulnerability ID: ASTERISK-29057 Description: Under high load conditions, PJSIP crashes when rejecting calls, particularly when the INVITE transaction response for an incoming INVITE session is not properly set, leading to a crash. Reporter and Timeline Reporter: Sandro Gauci (sandrogaucci) Opened Date: 2020-08-31 09:32:41 Closed Date: 2020-11-06 22:06:06.000-0600 Priority and Status Priority: Blocker Status: Closed/Complete Versions and Component Versions: 13.35.0, 16.12.0, 17.6.0 Component: pjproject/pjsip Related Links and Attachments Attachments: - AST-2020-001.pdf - ASTERISK-29057-16.diff - backtrace.txt - security.txt Fix Information Fix Commits: - Change 15162 - Change 15163 - Change 15164 - Change 15165 - Change 15166 - Change 15167 - Change 15151 - Change 15153 - Change 15154 - Change 15155 CVE ID: CVE-2020-28327 Notes Summary The issue was automatically set to "Blocker" priority due to security concerns and was confirmed fixed after patching. Testing results indicate the issue has been resolved. The fix was expected to be released on November 5, 2020.