FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f9f5c5a2-17b5-11e8-90b8-001999f8d30b	asterisk and pjsip -- multiple vulnerabilities The Asterisk project reports: AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). Discovery 2018-02-21 Entry 2018-02-22 asterisk13 < 13.19.2 pjsip < 2.7.2 pjsip-extsrtp < 2.7.2 https://downloads.asterisk.org/pub/security/AST-2018-002.html https://downloads.asterisk.org/pub/security/AST-2018-003.html

VuXML ID

Description

f9f5c5a2-17b5-11e8-90b8-001999f8d30b

asterisk and pjsip -- multiple vulnerabilities

The Asterisk project reports:

AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description.

AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid).

Discovery 2018-02-21
Entry 2018-02-22
asterisk13

< 13.19.2

pjsip

< 2.7.2

pjsip-extsrtp

< 2.7.2

https://downloads.asterisk.org/pub/security/AST-2018-002.html
https://downloads.asterisk.org/pub/security/AST-2018-003.html