FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567419
Date:      2021-03-05
Time:      21:18:20Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
29b7f0be-1fb7-11eb-b9d4-001999f8d30b	asterisk -- Outbound INVITE loop on challenge with different nonce The Asterisk project reports: If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. Discovery 2020-11-05 Entry 2020-11-05 asterisk13 lt 13.37.1 asterisk16 lt 16.14.1 asterisk18 lt 18.0.1 https://downloads.asterisk.org/pub/security/AST-2020-002.html
972fe546-1fb6-11eb-b9d4-001999f8d30b	asterisk -- Remote crash in res_pjsip_session The Asterisk project reports: Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread. Discovery 2020-11-05 Entry 2020-11-05 asterisk13 lt 13.37.1 asterisk16 lt 16.14.1 asterisk18 lt 18.0.1 https://downloads.asterisk.org/pub/security/AST-2020-001.html
6adf6ce0-44a6-11eb-95b7-001999f8d30b	asterisk -- Remote crash in res_pjsip_diversion The Asterisk project reports: AST-2020-003: A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri. Discovery 2020-12-02 Entry 2020-12-22 asterisk13 lt 13.38.1 asterisk16 lt 16.15.1 asterisk18 lt 18.1.1 https://downloads.asterisk.org/pub/security/AST-2020-003.html https://downloads.asterisk.org/pub/security/AST-2020-004.html

VuXML ID

Description

29b7f0be-1fb7-11eb-b9d4-001999f8d30b

asterisk -- Outbound INVITE loop on challenge with different nonce

The Asterisk project reports:

If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.

Discovery 2020-11-05
Entry 2020-11-05
asterisk13

lt 13.37.1

asterisk16

lt 16.14.1

asterisk18

lt 18.0.1

https://downloads.asterisk.org/pub/security/AST-2020-002.html

972fe546-1fb6-11eb-b9d4-001999f8d30b

asterisk -- Remote crash in res_pjsip_session

The Asterisk project reports:

Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

Discovery 2020-11-05
Entry 2020-11-05
asterisk13

lt 13.37.1

asterisk16

lt 16.14.1

asterisk18

lt 18.0.1

https://downloads.asterisk.org/pub/security/AST-2020-001.html

6adf6ce0-44a6-11eb-95b7-001999f8d30b

asterisk -- Remote crash in res_pjsip_diversion

The Asterisk project reports:

AST-2020-003: A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri.

AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.

Discovery 2020-12-02
Entry 2020-12-22
asterisk13

lt 13.38.1

asterisk16

lt 16.15.1

asterisk18

lt 18.1.1

https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html