FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
77f67b46-bd75-11e8-81b6-001999f8d30basterisk -- Remote crash vulnerability in HTTP websocket upgrade

The Asterisk project reports:

There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attackers request causes Asterisk to run out of stack space and crash.

As a workaround disable HTTP websocket access by not loading the res_http_websocket.so module.


Discovery 2018-08-16
Entry 2018-09-21
asterisk13
< 13.23.1

asterisk15
< 15.6.1

https://downloads.asterisk.org/pub/security/AST-2018-009.html
CVE-2018-17281