FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

in the FreeBSD Ports Collection repository, path ports/security/vuxml/vuln.xml
as a local copy
as a local copy, compressed with bzip2
as a local copy, compressed with xz
as a local copy, compressed with zstandard

Please report security issues to the FreeBSD Security Team at <ports-secteam@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

asterisk13

asterisk13 at FreshPorts.org

Entered	Topic
2021-07-23	asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake
2021-07-23	asterisk -- Remote crash when using IAX2 channel driver
2021-02-18	asterisk -- Remote attacker could prematurely tear down SRTP calls
	asterisk -- Remote crash in res_pjsip_diversion
	asterisk -- Remote Crash Vulnerability in PJSIP channel driver
2020-12-22	asterisk -- Remote crash in res_pjsip_diversion
2020-11-05	asterisk -- Outbound INVITE loop on challenge with different nonce
2020-11-05	asterisk -- Remote crash in res_pjsip_session
2019-11-22	asterisk -- AMI user could execute system commands
	asterisk -- Re-invite with T.38 and malformed SDP causes crash
	asterisk -- SIP request can change address of a SIP peer
2019-09-06	asterisk -- Remote Crash Vulnerability in audio transcoding
2019-07-12	asterisk -- Remote Crash Vulnerability in chan_sip channel driver
2019-07-12	asterisk -- Remote crash vulnerability with MESSAGE messages
2018-09-21	asterisk -- Remote crash vulnerability in HTTP websocket upgrade
2018-06-11	asterisk -- PJSIP endpoint presence disclosure when using ACL
2018-02-22	asterisk -- multiple vulnerabilities
2018-02-22	asterisk and pjsip -- multiple vulnerabilities
2017-12-23	asterisk -- Crash in PJSIP resource when missing a contact header
2017-12-13	asterisk -- Remote Crash Vulnerability in RTCP Stack
2017-12-01	asterisk -- DOS Vulnerability in Asterisk chan_skinny
2017-11-09	asterisk -- Buffer overflow in CDR's set user
	asterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk
	asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource
2017-09-19	asterisk -- RTP/RTCP information leak
2017-09-01	asterisk -- Remote Crash Vulerability in res_pjsip
2017-09-01	asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
2017-05-19	asterisk -- Buffer Overrun in PJSIP transaction layer
2017-05-19	asterisk -- Memory exhaustion on short SCCP packets
2017-04-04	asterisk -- Buffer overflow in CDR's set user
2016-12-09	asterisk -- Authentication Bypass
2016-12-09	asterisk -- Crash on SDP offer or answer from endpoint using Opus
2016-09-08	asterisk -- Crash on ACK from unknown endpoint
2016-09-08	asterisk -- RTP Resource Exhaustion
2016-04-15	asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk
2016-02-04	asterisk -- Multiple vulnerabilities
2015-04-08	asterisk -- TLS Certificate Common name NULL byte exploit
2015-01-29	asterisk -- File descriptor leak when incompatible codecs are offered
2015-01-29	asterisk -- Mitigation for libcURL HTTP request injection vulnerability