FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description
c6fb2734-e835-11e8-b14b-001999f8d30b asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups

The Asterisk project reports:

There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash.


Discovery 2018-10-23
Entry 2018-11-14
asterisk15 < 15.6.1
asterisk16 < 16.0.1

https://downloads.asterisk.org/pub/security/AST-2018-010.html
e9d2e981-a46d-11e9-bed9-001999f8d30b asterisk -- Remote Crash Vulnerability in chan_sip channel driver

The Asterisk project reports:

When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.


Discovery 2019-06-28
Entry 2019-07-12
asterisk13 < 13.27.1
asterisk15 < 15.7.3
asterisk16 < 16.4.1

https://downloads.asterisk.org/pub/security/AST-2019-003.html
CVE-2019-13161
d94c08d2-d079-11e9-8f1a-001999f8d30b asterisk -- Crash when negotiating for T.38 with a declined stream

The Asterisk project reports:

When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk.


Discovery 2019-08-05
Entry 2019-09-06
asterisk15 < 15.7.4
asterisk16 < 16.5.1

https://downloads.asterisk.org/pub/security/AST-2019-004.html
CVE-2019-15297
be0e3817-3bfe-11e9-9cd6-001999f8d30b asterisk -- Remote crash vulnerability with SDP protocol violation

The Asterisk project reports:

When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash.


Discovery 2019-01-24
Entry 2019-03-01
asterisk15 < 15.7.2
asterisk16 < 16.2.1

https://downloads.asterisk.org/pub/security/AST-2019-001.html
CVE-2019-7251
818b2bcb-a46f-11e9-bed9-001999f8d30b asterisk -- Remote crash vulnerability with MESSAGE messages

The Asterisk project reports:

A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.


Discovery 2019-06-13
Entry 2019-07-12
asterisk13 < 13.27.1
asterisk15 < 15.7.3
asterisk16 < 16.4.1

https://downloads.asterisk.org/pub/security/AST-2019-002.html
CVE-2019-12827
77f67b46-bd75-11e8-81b6-001999f8d30b asterisk -- Remote crash vulnerability in HTTP websocket upgrade

The Asterisk project reports:

There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash.

As a workaround disable HTTP websocket access by not loading the res_http_websocket.so module.


Discovery 2018-08-16
Entry 2018-09-21
asterisk13 < 13.23.1
asterisk15 < 15.6.1

https://downloads.asterisk.org/pub/security/AST-2018-009.html
CVE-2018-17281