18 matches found
EUVD-2020-3545
Malware in sbrugna...
EUVD-2014-3382
Malware in sbrugna...
USN-5932-1 sofia-sip vulnerabilities
It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...
CVE-2022-31001
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...
Controlled heap buffer overflow in SDP packet parsing
Description A malicious server can trigger an out-of-bounds heap write via a specially crafted SDP packet due to no bounds check when parsing time zone information into the AdjustmentTime and AdjustmentOffset fields of GFSDPTiming. Proof of Concept poc.py is available here terminal 1 python3 poc....
CVE-2021-1946
Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2020-11191
Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdrago...
Design/Logic Flaw
Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdrago...
DEBIAN-CVE-2019-7251
An Integer Signedness issue for a return code in the respjsipsdprtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation...
CVE-2019-1676 Cisco Meeting Server SIP Processing Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP call processing of Cisco Meeting Server CMS software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session...
CVE-2017-14767
The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...
CVE-2017-14767
The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...
CVE-2017-14767
The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...
Code injection
The SIP module in Cisco TelePresence Video Communication Server VCS before 8.1 allows remote attackers to cause a denial of service process failure via a crafted SDP message, aka Bug ID CSCue97632...
Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability
Asterisk Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2013-5526
Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service device reboot via crafted SDP packets, aka Bug ID CSCuf06698...
Null pointer dereference
chansip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the ressrtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SDP message with a crypto attribu...
CVE-2012-0885
chansip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the ressrtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SDP message with a crypto attribu...