OSV-2018-222 Heap-buffer-overflow in resip::ParseBuffer::qVal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6713 Crash type: Heap-buffer-overflow READ 1 Crash state: resip::ParseBuffer::qVal resip::QValueParameter::QValueParameter resip::QValueParameter::decode...

CVE-2018-12584

CVE-2018-12584 affects reSIProcate’s SIP stack, specifically ConnectionBase::preparseNewBytes in resip/stack/ConnectionBase.cxx. When TLS is enabled, it allows remote attackers to trigger a heap overflow/denial of service and potentially execute arbitrary code. Multiple connected advisories note ...