513 matches found
CVE-2026-45362
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...
Null Pointer Dereference
github.com/emiago/sipgo is vulnerable to a Null pointer dereference. The vulnerability is due to missing nil checks for the To header in the NewResponseFromRequest function, which allows an attacker to exploit it by sending a malformed SIP request without a To header and crash the application...
EUVD-2026-25597
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...
PJSIP 缓冲区错误漏洞
PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier had a buffer error vulnerability, which stemmed from out-of-bounds read...
CVE-2026-31427
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...
CVE-2026-39864
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...
CVE-2026-39864
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...
CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...
CVE-2026-39864
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...
Exploit for Classic Buffer Overflow in Pjsip
CVE-2026-25994 – PJNATH ICE Stack Buffer Overflow pjsip ≤ 2.16...
SUSE CVE-2026-23457
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...
PT-2026-30151
Name of the Vulnerable Software and Affected Versions The Linux kernel affected versions not specified Description A flaw exists in the sip help tcp function within the netfilter module. This function parses the SIP Content-Length header using simple strtoul, which returns an unsigned long, but...
DEBIAN-CVE-2026-33069
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...
CVE-2026-33069
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...
CVE-2026-33069
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...
CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...
CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...
CVE-2026-0754
The CVE describes a vulnerability in Poly Voice devices where an embedded test key and certificate can be extracted via reverse engineering. If a SIP service provider does not properly validate device certificates, the extracted certificate could be accepted, enabling impersonation of the Poly Vo...
EUVD-2026-9270
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...
GrandStream GXP1600 proxy SIP traffic
This capture module works against Grandstream GXP1600 series VoIP devices and can reconfigure the device to use an arbitrary SIP proxy. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...