FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1bb2826b-7229-11eb-8386-001999f8d30basterisk -- Remote Crash Vulnerability in PJSIP channel driver

The Asterisk project reports:

Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur.


Discovery 2021-02-08
Entry 2021-02-18
asterisk13
lt 13.38.2

asterisk16
lt 16.16.1

asterisk18
lt 18.2.1

CVE-2021-26906
https://downloads.asterisk.org/pub/security/AST-2021-005.html
e3894955-7227-11eb-8386-001999f8d30basterisk -- Remote crash possible when negotiating T.38

The Asterisk project reports:

When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.


Discovery 2021-02-05
Entry 2021-02-18
asterisk16
ge 16.15.0 lt 16.16.1

asterisk18
ge 18.1.0 lt 18.2.1

CVE-2021-26717
https://downloads.asterisk.org/pub/security/AST-2021-002.html
b330db5f-7225-11eb-8386-001999f8d30basterisk -- Remote crash in res_pjsip_diversion

The Asterisk project reports:

If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the "Supported" header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.


Discovery 2021-01-04
Entry 2021-02-18
asterisk13
ge 13.38.1 lt 13.38.2

asterisk16
ge 16.15.1 lt 16.16.1

asterisk18
ge 18.1.1 lt 18.2.1

CVE-2020-35776
https://downloads.asterisk.org/pub/security/AST-2021-001.html
9e8f0766-7d21-11eb-a2be-001999f8d30basterisk -- Crash when negotiating T.38 with a zero port

The Asterisk project reports:

When Asterisk sends a re-invite initiating T.38 faxing and the endpoint responds with a m=image line and zero port, a crash will occur in Asterisk. This is a reoccurrence of AST-2019-004.


Discovery 2021-02-20
Entry 2021-03-04
asterisk16
lt 16.16.2

asterisk18
lt 18.2.2

CVE-2019-15297
https://downloads.asterisk.org/pub/security/AST-2021-006.html