FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567419
Date:      2021-03-05
Time:      21:18:20Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6adf6ce0-44a6-11eb-95b7-001999f8d30basterisk -- Remote crash in res_pjsip_diversion

The Asterisk project reports:

AST-2020-003: A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri.

AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.


Discovery 2020-12-02
Entry 2020-12-22
asterisk13
lt 13.38.1

asterisk16
lt 16.15.1

asterisk18
lt 18.1.1

https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html
bb389137-21fb-11e1-89b4-001ec9578670asterisk -- Multiple Vulnerabilities

Asterisk project reports:

It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header.

When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.


Discovery 2011-12-08
Entry 2011-12-09
asterisk18
lt 1.8.7.2

asterisk16
lt 1.6.2.21

CVE-2011-4597
CVE-2011-4598
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://downloads.asterisk.org/pub/security/AST-2011-014.html
3c7d565a-6c64-11e0-813a-6c626dd55a41Asterisk -- multiple vulnerabilities

The Asterisk Development Team reports:

It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticated manager users to execute shell commands. Only users with the "system" privilege should be able to do this.

On systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server enabled, it is possible for an attacker to open as many connections to asterisk as he wishes. This will cause Asterisk to run out of available file descriptors and stop processing any new calls. Additionally, disk space can be exhausted as Asterisk logs failures to open new file descriptors.


Discovery 2011-04-21
Entry 2011-04-21
asterisk14
gt 1.4.* lt 1.4.40.1

asterisk16
gt 1.6.* lt 1.6.2.17.3

asterisk18
gt 1.8.* lt 1.8.3.3

CVE-2011-1507
http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
972fe546-1fb6-11eb-b9d4-001999f8d30basterisk -- Remote crash in res_pjsip_session

The Asterisk project reports:

Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.


Discovery 2020-11-05
Entry 2020-11-05
asterisk13
lt 13.37.1

asterisk16
lt 16.14.1

asterisk18
lt 18.0.1

https://downloads.asterisk.org/pub/security/AST-2020-001.html
e9d2e981-a46d-11e9-bed9-001999f8d30basterisk -- Remote Crash Vulnerability in chan_sip channel driver

The Asterisk project reports:

When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.


Discovery 2019-06-28
Entry 2019-07-12
asterisk13
lt 13.27.1

asterisk15
lt 15.7.3

asterisk16
lt 16.4.1

https://downloads.asterisk.org/pub/security/AST-2019-003.html
CVE-2019-13161
40544e8c-9f7b-11e0-9bec-6c626dd55a41Asterisk -- multiple vulnerabilities

The Asterisk Development Team reports:

AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end of the buffer altering unrelated memory structures. This vulnerability does not affect TCP/TLS connections.

AST-2011-009: A remote user sending a SIP packet containing a Contact header with a missing left angle bracket causes Asterisk to access a null pointer.

AST-2011-010: A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it.

Possible enumeration of SIP users due to differing authentication responses.


Discovery 2011-06-24
Entry 2011-06-25
Modified 2011-06-29
asterisk14
gt 1.4.* lt 1.4.41.2

asterisk16
gt 1.6.* lt 1.6.2.18.2

asterisk18
gt 1.8.* lt 1.8.4.4

CVE-2011-2529
CVE-2011-2535
CVE-2011-2536
http://downloads.asterisk.org/pub/security/AST-2011-008.html
http://downloads.asterisk.org/pub/security/AST-2011-009.html
http://downloads.asterisk.org/pub/security/AST-2011-010.html
http://downloads.asterisk.org/pub/security/AST-2011-011.html
bfe9c75e-5028-11e0-b2d2-00215c6a37bbasterisk -- Multiple Vulnerabilities

The Asterisk Development Team reports:

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  • Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  • Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004 security advisories.


Discovery 2011-03-01
Entry 2011-03-16
asterisk16
gt 1.6.* lt 1.6.2.17.1

asterisk18
gt 1.8.* lt 1.8.3.1

http://downloads.asterisk.org/pub/security/AST-2011-003.html
http://downloads.asterisk.org/pub/security/AST-2011-004.html
359f615d-a9e1-11e1-8a66-14dae9ebcf89asterisk -- multiple vulnerabilities

Asterisk project reports:

Remote crash vulnerability in IAX2 channel driver.

Skinny Channel Driver Remote Crash Vulnerability


Discovery 2012-05-29
Entry 2012-05-29
Modified 2012-05-29
asterisk16
gt 1.6.* le 1.6.2.24

asterisk18
gt 1.8.* lt 1.8.12.1

asterisk10
gt 10.* lt 10.4.1

CVE-2012-2947
http://downloads.digium.com/pub/security/AST-2012-007.html
CVE-2012-2948
http://downloads.digium.com/pub/security/AST-2012-008.html
https://www.asterisk.org/security
be0e3817-3bfe-11e9-9cd6-001999f8d30basterisk -- Remote crash vulnerability with SDP protocol violation

The Asterisk project reports:

When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash.


Discovery 2019-01-24
Entry 2019-03-01
asterisk15
lt 15.7.2

asterisk16
lt 16.2.1

https://downloads.asterisk.org/pub/security/AST-2019-001.html
CVE-2019-7251
7d53d8da-d07a-11e9-8f1a-001999f8d30basterisk -- Remote Crash Vulnerability in audio transcoding

The Asterisk project reports:

When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not.

This issue presented itself when an RTP packet containing no audio (and thus no samples) was received. In a particular transcoding scenario this audio frame would get turned into a frame with no origin information. If this new frame was then given to the audio transcoding support a crash would occur as no samples and no origin information would be present. The transcoding scenario requires the genericplc option to be set to enabled (the default) and a transcoding path from the source format into signed linear and then from signed linear into another format.

Note that there may be other scenarios that have not been found which can cause an audio frame with no origin to be given to the audio transcoding support and thus cause a crash.


Discovery 2019-08-07
Entry 2019-09-06
asterisk13
lt 13.28.1

asterisk16
lt 16.5.1

https://downloads.asterisk.org/pub/security/AST-2019-005.html
CVE-2019-15639
65d16342-3ec8-11e0-9df7-001c42d23634asterisk -- Exploitable Stack and Heap Array Overflows

The Asterisk Development Team reports:

The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an issue that when decoding UDPTL packets, multiple heap based arrays can be made to overflow by specially crafted packets. Systems configured for T.38 pass through or termination are vulnerable. The issue and resolution are described in the AST-2011-002 security advisory.


Discovery 2011-02-21
Entry 2011-02-22
asterisk14
gt 1.4.* lt 1.4.39.2

asterisk16
gt 1.6.* lt 1.6.2.16.2

asterisk18
gt 1.8.* lt 1.8.2.4

http://downloads.asterisk.org/pub/security/AST-2011-002.html
http://secunia.com/advisories/43429/
0d530174-6eef-11e1-afd6-14dae9ebcf89asterisk -- multiple vulnerabilities

Asterisk project reports:

Stack Buffer Overflow in HTTP Manager

Remote Crash Vulnerability in Milliwatt Application


Discovery 2012-03-15
Entry 2012-03-15
asterisk14
gt 1.4.* lt 1.4.44

asterisk16
gt 1.6.* lt 1.6.2.23

asterisk18
gt 1.8.* lt 1.8.10.1

asterisk10
gt 10.* lt 10.2.1

http://downloads.asterisk.org/pub/security/AST-2012-002.html
http://downloads.asterisk.org/pub/security/AST-2012-003.html
bb389137-21fb-11e1-89b4-001ec9578670asterisk -- Multiple Vulnerabilities

Asterisk project reports:

It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header.

When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.


Discovery 2011-12-08
Entry 2011-12-09
asterisk18
lt 1.8.7.2

asterisk16
lt 1.6.2.21

CVE-2011-4597
CVE-2011-4598
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://downloads.asterisk.org/pub/security/AST-2011-014.html
c6fb2734-e835-11e8-b14b-001999f8d30basterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups

The Asterisk project reports:

There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attackers request causes Asterisk to segfault and crash.


Discovery 2018-10-23
Entry 2018-11-14
asterisk15
lt 15.6.1

asterisk16
lt 16.0.1

https://downloads.asterisk.org/pub/security/AST-2018-010.html
d94c08d2-d079-11e9-8f1a-001999f8d30basterisk -- Crash when negotiating for T.38 with a declined stream

The Asterisk project reports:

When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk.


Discovery 2019-08-05
Entry 2019-09-06
asterisk15
lt 15.7.4

asterisk16
lt 16.5.1

https://downloads.asterisk.org/pub/security/AST-2019-004.html
CVE-2019-15297
1c5abbe2-8d7f-11e1-a374-14dae9ebcf89asterisk -- multiple vulnerabilities

Asterisk project reports:

Remote Crash Vulnerability in SIP Channel Driver

Heap Buffer Overflow in Skinny Channel Driver

Asterisk Manager User Unauthorized Shell Access


Discovery 2012-04-23
Entry 2012-04-23
asterisk16
gt 1.6.* lt 1.6.2.24

asterisk18
gt 1.8.* lt 1.8.11.1

asterisk10
gt 10.* lt 10.3.1

http://downloads.digium.com/pub/security/AST-2012-004.html
CVE-2012-2414
http://downloads.digium.com/pub/security/AST-2012-005.html
CVE-2012-2415
http://downloads.digium.com/pub/security/AST-2012-006.html
CVE-2012-2416
5ab9fb2a-23a5-11e0-a835-0003ba02bf30asterisk -- Exploitable Stack Buffer Overflow

The Asterisk Development Team reports:

The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while in pedantic mode, which can cause a stack buffer to be made to overflow if supplied with carefully crafted caller ID information. The issue and resolution are described in the AST-2011-001 security advisory.


Discovery 2011-01-18
Entry 2011-01-19
asterisk14
gt 1.4.* lt 1.4.39.1

asterisk16
gt 1.6.* lt 1.6.2.16.1

asterisk18
gt 1.8.* lt 1.8.2.2

http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
49b61ab6-0d04-11ea-87ca-001999f8d30basterisk -- AMI user could execute system commands

The Asterisk project reports:

A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.


Discovery 2019-10-10
Entry 2019-11-22
asterisk13
lt 13.29.2

asterisk16
lt 16.6.2

https://downloads.asterisk.org/pub/security/AST-2019-007.html
CVE-2019-18610
a8d94711-0d03-11ea-87ca-001999f8d30basterisk -- SIP request can change address of a SIP peer

The Asterisk project reports:

A SIP request can be sent to Asterisk that can change a SIP peers IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peers name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.


Discovery 2019-10-17
Entry 2019-11-22
asterisk13
lt 13.29.2

asterisk16
lt 16.6.2

https://downloads.asterisk.org/pub/security/AST-2019-006.html
CVE-2019-18790
818b2bcb-a46f-11e9-bed9-001999f8d30basterisk -- Remote crash vulnerability with MESSAGE messages

The Asterisk project reports:

A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.


Discovery 2019-06-13
Entry 2019-07-12
asterisk13
lt 13.27.1

asterisk15
lt 15.7.3

asterisk16
lt 16.4.1

https://downloads.asterisk.org/pub/security/AST-2019-002.html
CVE-2019-12827
29b7f0be-1fb7-11eb-b9d4-001999f8d30basterisk -- Outbound INVITE loop on challenge with different nonce

The Asterisk project reports:

If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.


Discovery 2020-11-05
Entry 2020-11-05
asterisk13
lt 13.37.1

asterisk16
lt 16.14.1

asterisk18
lt 18.0.1

https://downloads.asterisk.org/pub/security/AST-2020-002.html