FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Remote Crash Vulnerability in RTCP Stack

Affected packages
asterisk13 < 13.18.4

Details

VuXML ID 4a67450a-e044-11e7-accc-001999f8d30b
Discovery 2017-12-12
Entry 2017-12-13

The Asterisk project reports:

If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash.

References

URL https://downloads.asterisk.org/pub/security/AST-2017-012.html