FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f9f5c5a2-17b5-11e8-90b8-001999f8d30basterisk and pjsip -- multiple vulnerabilities

The Asterisk project reports:

AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description.

AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid).


Discovery 2018-02-21
Entry 2018-02-22
asterisk13
< 13.19.2

pjsip
< 2.7.2

pjsip-extsrtp
< 2.7.2

https://downloads.asterisk.org/pub/security/AST-2018-002.html
https://downloads.asterisk.org/pub/security/AST-2018-003.html
92ad12b8-ec09-11eb-aef1-0897988a1c07pjsip -- Race condition in SSL socket server

pjsip reports:

There are a couple of issues found in the SSL socket:

  • A race condition between callback and destroy, due to the accepted socket having no group lock.
  • SSL socket parent/listener may get destroyed during handshake.

Discovery 2021-07-23
Entry 2021-07-23
pjsip
< 2.11.1

CVE-2021-32686
https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
19b052c9-c533-11e7-8da5-001999f8d30basterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk

The Asterisk project reports:

By carefully crafting invalid values in the Cseq and the Via header port, pjprojects packet parsing code can create strings larger than the buffer allocated to hold them. This will usually cause Asterisk to crash immediately. The packets do not have to be authenticated.


Discovery 2017-10-05
Entry 2017-11-09
Modified 2017-11-15
asterisk13
< 13.18.1

pjsip
< 2.7.1

pjsip-extsrtp
< 2.7.1

https://downloads.asterisk.org/pub/security/AST-2017-009.html