32 matches found
EUVD-2013-1250
Malware in sbrugna...
EUVD-2023-36559
Malicious code in bioql PyPI...
CVE-2013-1210
Array index error in the Virtual Ethernet Module VEM kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service ESXi crash and purple screen of death by sending crafted STUN packets to a VEM, aka Bug ID...
Fedora 38 : sofia-sip (2024-b9c02df30f)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b9c02df30f advisory. Security fix for CVE-2023-32307 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Ubuntu: Security Advisory (USN-6448-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5431-1 : sofia-sip - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5431 advisory. - Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-fl...
Debian dla-3441 : libsofia-sip-ua-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3441 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3441-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-32307
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
Integer overflow
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
CVE-2023-32307
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
CVE-2023-32307 heap-over-flow and integer-overflow in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
CVE-2023-32307 heap-over-flow and integer-overflow in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
Debian DSA-5410-1 : sofia-sip - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5410 advisory. - Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to...
USN-5932-1 sofia-sip vulnerabilities
It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...
SUSE CVE-2017-5388
A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox 51...
MGASA-2023-0040 Updated sofia-sip packages fix security vulnerability
Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...
Updated sofia-sip packages fix security vulnerability
Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...
CVE-2023-22741
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...
CVE-2023-22741
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...
Heap overflow
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...