198 matches found
CVE-2025-41433
When a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...
CVE-2025-41433
CVE-2025-41433 affects F5 BIG-IP SIP MRF ALG profile. When configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, enabling a potential DoS. Affected product scope per vendor advisories includes BIG-IP (all modules) acr...
CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
CVE-2024-20375
A vulnerability in the SIP call processing function of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected devic...
CVE-2023-27597
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewriteruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations...
CVE-2023-27599 OpenSIPS has vulnerability in the parse_to_param() function
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, when the function appendhf handles a SIP message with a malformed To header, a call to the function abort is performed, resulting in a crash. This is due to the following check in datalump.c:39...
OpenSIPS 输入验证错误漏洞
OpenSIPS is a GPL-licensed SIP server implementation from the individual developers of OpenSIPS. An input validation error vulnerability exists in OpenSIPS version 3.2 and earlier, which stems from a system crash when an incorrectly formatted SDP body is received and processed by the...
SUSE CVE-2021-33056
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message...
Design/Logic Flaw
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed request...
Out-of-Bounds Read
pjproject is vulnerable to out of bounds read. The vulnerability exists due to a lack of validation of incoming SIP message that contains a malformed multipart...
asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-004 - The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party. AST-2022-005 - When...
CVE-2021-43610
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header request URI without a parameter in an unauthenticated SIP message, a different issue than CVE-2021-33056...
CVE-2021-43610
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header request URI without a parameter in an unauthenticated SIP message, a different issue than CVE-2021-33056...
Design/Logic Flaw
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header request URI without a parameter in an unauthenticated SIP message, a different issue than CVE-2021-33056...
CVE-2021-43610
CVE-2021-43610 describes a denial-of-service issue in Belledonne Belle-sip before 5.0.20, where an unauthenticated SIP message containing an invalid From header (request URI without a parameter) can crash applications such as Linphone. This is a separate issue from CVE-2021-33056. The Red Hat and...
Authentication Bypass
freeswitch is vulnerable to Authentication Bypass. The vulnerability exists because the SIP MESSAGE requests are not properly authenticated which allows an attacker to to send SIP MESSAGE messages to any SIP user agent that is registered with the server...
FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication Exploit
FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-07-freeswitch-SIP-MESSAGE-without-auth - Vendor Security Advisory:...
CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
Authentication flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
CVE-2021-37624 FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...