CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the Chinese company TP-Link. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from improper handling of exceptional conditions during SIP processing. It could allow attackers to flood the device with specially...

EUVD-2007-5512

Malware in sbrugna...

The vulnerability of the SIP ALG module of the Packet Forwarding Engine (PFE) in the Junos OS router series, SRX Series and MX Series, allows a attacker to cause service interruptions.

The vulnerability of the SIP ALG module of the Packet Forwarding Engine PFE in Junos OS routers of the SRX Series and MX Series is related to improper handling of an additional special element. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending speciall...

CVE-2013-1220

The CallServer component in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service call-acceptance outage via malformed SIP INVITE messages, aka Bug ID CSCua65148...

Improper Input Validation

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation via invite messages. An attacker can disrupt the /sync functionality by sending a specially crafted invite over federation. Workarou...

FreeBSD : asterisk -- multiple vulnerabilities (933654ce-17b8-11e8-90b8-001999f8d30b)

The Asterisk project reports : AST-2018-004 - When processing a SUBSCRIBE request the respjsippubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Acce...

asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2018-004 - When processing a SUBSCRIBE request the respjsippubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accep...

The vulnerability of Cisco PIX software allows a malicious individual to trigger a service failure.

The vulnerability in the implementation of the SIP protocol in Cisco products including IP phones, IOS, and Secure PIX allows malicious actors to trigger service failures and execute arbitrary codes by using specially crafted INVITE messages...

Design/Logic Flaw

The Connection Conversation Manager aka CuCsMgr process in Cisco Unity Connection 8.5 before 8.51SU7, 8.6 before 8.62aSU4, 9.x before 9.12SU2, and 10.0 before 10.01SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service core dump and restart via crafted SI...

CVE-2015-0613

The Connection Conversation Manager aka CuCsMgr process in Cisco Unity Connection 8.5 before 8.51SU7, 8.6 before 8.62aSU4, 9.x before 9.12SU2, and 10.0 before 10.01SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service core dump and restart via crafted SI...

CVE-2013-1220

The CallServer component in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service call-acceptance outage via malformed SIP INVITE messages, aka Bug ID CSCua65148...

Asterisk: Two SIP Denial of Service vulnerabilities

Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore qwerty1979...

CVE-2003-1108

CVE-2003-1108 affects the SIP implementation in Alcatel OmniPCX Enterprise 5.0 Lx. The issue allows remote attackers to cause a denial of service and potentially execute arbitrary code by sending crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Connected sources co...

CVE-2003-1111

The CVE-2003-1111 entry covers the Session Initiation Protocol (SIP) implementation in multiple Dynamicsoft products (including y and certain AppEngine demo products). A remote attacker can cause denial of service or execute arbitrary code by sending crafted INVITE messages, as demonstrated by th...

CVE-2003-1110

The CVE-2003-1110 issue affects the Columbia SIP User Agent (sipc) 1.74 and older builds prior to sipc 2.0 (build 2003-02-21). The vulnerability arises in its SIP Session Initiation Protocol handling, where crafted INVITE messages can cause a denial of service or allow execution of arbitrary code...

CVE-2003-1110

The Session Initiation Protocol SIP implementation in Columbia SIP User Agent sipc 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test...

CVE-2003-1115

The Session Initiation Protocol SIP implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suit...

CVE-2003-1109

The Session Initiation Protocol SIP implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages...