129 matches found
PJSIP 安全漏洞
PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A security vulnerability exists in PJSIP 2.12 and earlier versions that stems from a stack-based buffer overflow vulnerability in...
Qualcomm 封闭源组件 安全漏洞
The Qualcomm Component is a component of Qualcomm Incorporated USA. An intrinsic part that provides the functionality of Qualcomm devices. A security vulnerability exists in the Qualcomm Closed Source Component that stems from the absence of a NULL termination check on the SDP, where a buffer...
Qualcomm 封闭源组件安全漏洞
A security vulnerability exists in the Qualcomm Closed Source component that stems from the absence of a NULL termination check on the SDP, which may result in a buffer over-read when parsing received SDP values...
ALPINE-CVE-2021-26717
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this...
DEBIAN-CVE-2021-26906
An issue was discovered in respjsipsession.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...
Digium Asterisk Security Vulnerability
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. A security vulnerability exists in Digium Asterisk. The vulnerability stems from allowing a...
PT-2021-17165 · Asterisk +2 · Asterisk +2
Name of the Vulnerable Software and Affected Versions: Asterisk versions 13.38.1 and earlier, 14.x, 15.x, 16.x through 16.16.0, 17.x through 17.9.1, and 18.x through 18.2.0 Certified Asterisk versions 16.8-cert5 and earlier Description: An issue in res pjsip session.c allows a remote server to...
Wave-Share - Serverless, Peer-To-Peer, Local File Sharing Through Sound
A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser. Nearby devices negotiate the WebRTC connection by exchanging the necessary Session Description Protocol SDP data via a sequence of audio tones. Upon successful...
Meetecho Janus Buffer Overflow Vulnerability (CNVD-2020-53119)
Meetecho Janus is a WebRTC Web Real Time Communication server from Meetecho. A buffer overflow vulnerability exists in the 'janusstreamingrtspparsesdp' function in the plugins/janusstreaming.c file in Meetecho Janus 0.10.0 and earlier versions, which originates when the program fails to properly...
DEBIAN-CVE-2020-14034
An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusgetcodecfrompt in utils.c has a Buffer Overflow via long value in an SDP Offer packet...
DEBIAN-CVE-2020-14033
An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusstreamingrtspparsesdp in plugins/janusstreaming.c has a Buffer Overflow via a crafted RTSP server...
The vulnerability of the VoIP device Mitel MiVoice 5330e arises from an operation that goes beyond the buffer in memory, allowing an attacker to trigger a service failure and execute arbitrary code.
The vulnerability of the VoIP device Mitel MiVoice 5330e arises from an operation that goes beyond the buffer in memory during the processing of SIP/SDP packets. Exploiting this vulnerability allows a malicious actor to cause service failures and execute arbitrary codes...
DEBIAN-CVE-2019-13161
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chansip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to a...
CVE-2019-13161
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chansip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to a...
UBUNTU-CVE-2019-13161
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chansip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to a...
ALPINE-CVE-2019-7251
An Integer Signedness issue for a return code in the respjsipsdprtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation...
The vulnerability of the Cisco Meeting Server platform, which exists due to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of the Cisco Meeting Server platform exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially crafted SDP message...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2019-16513)
Cisco Meeting Server formerly known as Acano Conferencing Server, CMS is the United States Cisco Cisco company's set of audio and video conferencing server software. A denial of service vulnerability exists in Session Initiation Protocol SIP call processing in Cisco Meeting Server CMS versions...
CVE-2019-1676
A vulnerability in the Session Initiation Protocol SIP call processing of Cisco Meeting Server CMS software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session...
CVE-2018-15497
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote...