10 matches found
GLSA-202407-10 : Sofia-SIP: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202407-10 Sofia-SIP: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block direct...
[SECURITY] [DSA 5410-1] sofia-sip
------------------------------------------------------------------------- Debian Security Advisory DSA-5410-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2023 https://www.debian.org/security/faq -...
Debian DSA-5410-1 : sofia-sip - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5410 advisory. - Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to...
Mageia: Security Advisory (MGASA-2023-0040)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-5932-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5932-1: Sofia-SIP vulnerabilities
It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...
Updated sofia-sip packages fix security vulnerability
Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...
[SECURITY] [DLA 3292-1] sofia-sip security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3292-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk [email protected] January 29, 2023 https://wiki.debian.org/LTS -...
CVE-2023-22741 heap-over-flow in stun_parse_attribute in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...
CVE-2023-22741
Summary: CVE-2023-22741 affects Sofia-SIP’s handling of STUN packets, where the code does not validate message length and attribute length, enabling controllable heap overflow. This could allow remote code execution via heap grooming or related exploitation techniques. The issue originates from S...