10 matches found
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Sofia-SIP vulnerability (USN-6448-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6448-1 advisory. Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker coul...
Integer overflow
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
Debian DSA-5410-1 : sofia-sip - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5410 advisory. - Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to...
Updated sofia-sip packages fix security vulnerability
Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...
Debian dla-3292 : libsofia-sip-ua-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3292 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3292-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-22741
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...
CVE-2023-22741
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...
CVE-2023-22741 heap-over-flow in stun_parse_attribute in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...
CVE-2023-22741 heap-over-flow in stun_parse_attribute in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...
CVE-2023-22741 heap-over-flow in stun_parse_attribute in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stunparseattribute, after ...