vulnerability
FreeBSD: VID-f9f5c5a2-17b5-11e8-90b8-001999f8d30b: asterisk and pjsip -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Feb 22, 2018 | Feb 23, 2018 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Feb 22, 2018
Added
Feb 23, 2018
Modified
Dec 10, 2025
Description
The Asterisk project reports: AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid).
Solutions
freebsd-upgrade-package-asterisk13freebsd-upgrade-package-pjsipfreebsd-upgrade-package-pjsip-extsrtp
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.