FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2a3bc6ac-e7c6-11e7-a90b-001999f8d30basterisk -- Crash in PJSIP resource when missing a contact header

The Asterisk project reports:

A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point.


Discovery 2017-12-12
Entry 2017-12-23
asterisk13
< 13.18.5

https://downloads.asterisk.org/pub/security/AST-2017-014.html
CVE-2017-17850
972fe546-1fb6-11eb-b9d4-001999f8d30basterisk -- Remote crash in res_pjsip_session

The Asterisk project reports:

Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.


Discovery 2020-11-05
Entry 2020-11-05
asterisk13
< 13.37.1

asterisk16
< 16.14.1

asterisk18
< 18.0.1

https://downloads.asterisk.org/pub/security/AST-2020-001.html
94c6951a-0d04-11ea-87ca-001999f8d30basterisk -- Re-invite with T.38 and malformed SDP causes crash

The Asterisk project reports:

If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur.


Discovery 2019-11-07
Entry 2019-11-22
asterisk13
< 13.29.2

https://downloads.asterisk.org/pub/security/AST-2019-008.html
CVE-2019-18976
ab04cb0b-c533-11e7-8da5-001999f8d30basterisk -- Buffer overflow in CDR's set user

The Asterisk project reports:

No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. The earlier AST-2017-001 advisory for the CDR user field overflow was for the Party A buffer.


Discovery 2017-10-09
Entry 2017-11-09
Modified 2017-12-13
asterisk13
< 13.18.1

https://downloads.asterisk.org/pub/security/AST-2017-010.html
CVE-2017-16671
f9f5c5a2-17b5-11e8-90b8-001999f8d30basterisk and pjsip -- multiple vulnerabilities

The Asterisk project reports:

AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description.

AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid).


Discovery 2018-02-21
Entry 2018-02-22
asterisk13
< 13.19.2

pjsip
< 2.7.2

pjsip-extsrtp
< 2.7.2

https://downloads.asterisk.org/pub/security/AST-2018-002.html
https://downloads.asterisk.org/pub/security/AST-2018-003.html
c599f95c-8ee5-11e7-8be8-001999f8d30basterisk -- Unauthorized data disclosure and shell access command injection in app_minivm

The Asterisk project reports:

AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected the new code allowed a new source address to be learned at all times.

AST-2017-006 - The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.


Discovery 2017-08-31
Entry 2017-09-01
asterisk11
< 11.25.2

asterisk13
< 13.17.1

https://downloads.asterisk.org/pub/security/AST-2017-005.html
CVE-2017-14099
https://downloads.asterisk.org/pub/security/AST-2017-006.html
CVE-2017-14100
933654ce-17b8-11e8-90b8-001999f8d30basterisk -- multiple vulnerabilities

The Asterisk project reports:

AST-2018-004 - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

AST-2018-005 - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.


Discovery 2018-02-21
Entry 2018-02-22
Modified 2018-06-12
asterisk13
< 13.19.2

https://downloads.asterisk.org/pub/security/AST-2018-004.html
CVE-2018-7284
https://downloads.asterisk.org/pub/security/AST-2018-005.html
CVE-2018-7286
818b2bcb-a46f-11e9-bed9-001999f8d30basterisk -- Remote crash vulnerability with MESSAGE messages

The Asterisk project reports:

A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.


Discovery 2019-06-13
Entry 2019-07-12
asterisk13
< 13.27.1

asterisk15
< 15.7.3

asterisk16
< 16.4.1

https://downloads.asterisk.org/pub/security/AST-2019-002.html
CVE-2019-12827
77f67b46-bd75-11e8-81b6-001999f8d30basterisk -- Remote crash vulnerability in HTTP websocket upgrade

The Asterisk project reports:

There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attackers request causes Asterisk to run out of stack space and crash.

As a workaround disable HTTP websocket access by not loading the res_http_websocket.so module.


Discovery 2018-08-16
Entry 2018-09-21
asterisk13
< 13.23.1

asterisk15
< 15.6.1

https://downloads.asterisk.org/pub/security/AST-2018-009.html
CVE-2018-17281
4a67450a-e044-11e7-accc-001999f8d30basterisk -- Remote Crash Vulnerability in RTCP Stack

The Asterisk project reports:

If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash.


Discovery 2017-12-12
Entry 2017-12-13
asterisk13
< 13.18.4

https://downloads.asterisk.org/pub/security/AST-2017-012.html
1bb2826b-7229-11eb-8386-001999f8d30basterisk -- Remote Crash Vulnerability in PJSIP channel driver

The Asterisk project reports:

Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur.


Discovery 2021-02-08
Entry 2021-02-18
asterisk13
< 13.38.2

asterisk16
< 16.16.1

asterisk18
< 18.2.1

CVE-2021-26906
https://downloads.asterisk.org/pub/security/AST-2021-005.html
53fbffe6-ebf7-11eb-aef1-0897988a1c07asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake

The Asterisk project reports:

Depending on the timing, it's possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake.


Discovery 2021-05-05
Entry 2021-07-23
asterisk13
< 13.38.3

asterisk16
< 16.19.1

asterisk18
< 18.5.1

CVE-2021-32686
https://downloads.asterisk.org/pub/security/AST-2021-009.html
be261737-c535-11e7-8da5-001999f8d30basterisk -- Memory/File Descriptor/RTP leak in pjsip session resource

The Asterisk project reports:

A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. This then leads to file descriptors and RTP ports being leaked as well.


Discovery 2017-10-15
Entry 2017-11-09
Modified 2017-12-13
asterisk13
ge 13.5.0 lt 13.18.1

https://downloads.asterisk.org/pub/security/AST-2017-011.html
CVE-2017-16672
e9d2e981-a46d-11e9-bed9-001999f8d30basterisk -- Remote Crash Vulnerability in chan_sip channel driver

The Asterisk project reports:

When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.


Discovery 2019-06-28
Entry 2019-07-12
asterisk13
< 13.27.1

asterisk15
< 15.7.3

asterisk16
< 16.4.1

https://downloads.asterisk.org/pub/security/AST-2019-003.html
CVE-2019-13161
6adf6ce0-44a6-11eb-95b7-001999f8d30basterisk -- Remote crash in res_pjsip_diversion

The Asterisk project reports:

AST-2020-003: A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri.

AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.


Discovery 2020-12-02
Entry 2020-12-22
asterisk13
< 13.38.1

asterisk16
< 16.15.1

asterisk18
< 18.1.1

https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html
29b7f0be-1fb7-11eb-b9d4-001999f8d30basterisk -- Outbound INVITE loop on challenge with different nonce

The Asterisk project reports:

If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.


Discovery 2020-11-05
Entry 2020-11-05
asterisk13
< 13.37.1

asterisk16
< 16.14.1

asterisk18
< 18.0.1

https://downloads.asterisk.org/pub/security/AST-2020-002.html
7d53d8da-d07a-11e9-8f1a-001999f8d30basterisk -- Remote Crash Vulnerability in audio transcoding

The Asterisk project reports:

When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not.

This issue presented itself when an RTP packet containing no audio (and thus no samples) was received. In a particular transcoding scenario this audio frame would get turned into a frame with no origin information. If this new frame was then given to the audio transcoding support a crash would occur as no samples and no origin information would be present. The transcoding scenario requires the genericplc option to be set to enabled (the default) and a transcoding path from the source format into signed linear and then from signed linear into another format.

Note that there may be other scenarios that have not been found which can cause an audio frame with no origin to be given to the audio transcoding support and thus cause a crash.


Discovery 2019-08-07
Entry 2019-09-06
asterisk13
< 13.28.1

asterisk16
< 16.5.1

https://downloads.asterisk.org/pub/security/AST-2019-005.html
CVE-2019-15639
0137167b-6dca-11e8-a671-001999f8d30basterisk -- PJSIP endpoint presence disclosure when using ACL

The Asterisk project reports:

When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.


Discovery 2018-06-11
Entry 2018-06-11
asterisk13
< 13.21.1

asterisk15
< 15.4.1

https://downloads.asterisk.org/pub/security/AST-2018-008.html
c2ea3b31-9d75-11e7-bb13-001999f8d30basterisk -- RTP/RTCP information leak

The Asterisk project reports:

This is a follow up advisory to AST-2017-005.

Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

The RTP stream qualification to learn the source address of media always accepted the first RTP packet as the new source and allowed what AST-2017-005 was mitigating. The intent was to qualify a series of packets before accepting the new source address.

The RTP/RTCP stack will now validate RTCP packets before processing them.


Discovery 2017-09-01
Entry 2017-09-19
asterisk11
< 11.25.3

asterisk13
< 13.17.2

https://downloads.asterisk.org/pub/security/AST-2017-008.html
CVE-2017-14099
ec1df2a1-8ee6-11e7-8be8-001999f8d30basterisk -- Remote Crash Vulerability in res_pjsip

The Asterisk project reports:

A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash.


Discovery 2017-08-31
Entry 2017-09-01
asterisk13
< 13.17.1

https://downloads.asterisk.org/pub/security/AST-2017-007.html
CVE-2017-14098
19b052c9-c533-11e7-8da5-001999f8d30basterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk

The Asterisk project reports:

By carefully crafting invalid values in the Cseq and the Via header port, pjprojects packet parsing code can create strings larger than the buffer allocated to hold them. This will usually cause Asterisk to crash immediately. The packets do not have to be authenticated.


Discovery 2017-10-05
Entry 2017-11-09
Modified 2017-11-15
asterisk13
< 13.18.1

pjsip
< 2.7.1

pjsip-extsrtp
< 2.7.1

https://downloads.asterisk.org/pub/security/AST-2017-009.html
fb3455be-ebf6-11eb-aef1-0897988a1c07asterisk -- Remote crash when using IAX2 channel driver

The Asterisk project reports:

If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk.


Discovery 2021-04-13
Entry 2021-07-23
asterisk13
< 13.38.3

asterisk16
< 16.19.1

asterisk18
< 18.5.1

CVE-2021-32558
https://downloads.asterisk.org/pub/security/AST-2021-008.html
e91cf90c-d6dd-11e7-9d10-001999f8d30basterisk -- DOS Vulnerability in Asterisk chan_skinny

The Asterisk project reports:

If the chan_skinny (AKA SCCP protocol) channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind.


Discovery 2017-11-30
Entry 2017-12-01
Modified 2017-12-13
asterisk13
< 13.18.3

https://downloads.asterisk.org/pub/security/AST-2017-013.html
CVE-2017-17090
a8d94711-0d03-11ea-87ca-001999f8d30basterisk -- SIP request can change address of a SIP peer

The Asterisk project reports:

A SIP request can be sent to Asterisk that can change a SIP peers IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peers name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.


Discovery 2019-10-17
Entry 2019-11-22
asterisk13
< 13.29.2

asterisk16
< 16.6.2

https://downloads.asterisk.org/pub/security/AST-2019-006.html
CVE-2019-18790
49b61ab6-0d04-11ea-87ca-001999f8d30basterisk -- AMI user could execute system commands

The Asterisk project reports:

A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.


Discovery 2019-10-10
Entry 2019-11-22
asterisk13
< 13.29.2

asterisk16
< 16.6.2

https://downloads.asterisk.org/pub/security/AST-2019-007.html
CVE-2019-18610