EUVD-2016-10725

Malware in sbrugna...

Buffer Overflow

sngrep is vulnerable to a Buffer Overflow. The vulnerability is due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers, where the functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length...

CVE-2024-3119

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...

CVE-2024-3119

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...

CVE-2024-3119

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...

CVE-2024-3119 Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...

CVE-2024-3119

CVE-2024-3119 affects sngrep; all versions since v0.4.2 vulnerable due to improper handling of SIP headers. The functions sip_get_callid and sip_get_xcallid copy header data into fixed-size buffers with strncpy without validating length, enabling remote attackers to trigger arbitrary code executi...

PT-2024-23832 · Sngrep +2 · Sngrep +2

Name of the Vulnerable Software and Affected Versions: sngrep versions 0.4.2 and later Description: A buffer overflow vulnerability exists due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip get callid and sip get xcallid in sip.c use the strncpy function to copy...

CVE-2020-35652

An issue was discovered in respjsipdiversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is...

Denial Of Service (DoS)

asterisk is vulnerable to denial of service. An attacker is able to crash the application by sending an SIP message containing a malicious History-Info header or Diversion header...

Kamailio 5.4.0 Header Smuggling

Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date & issue patched by Kamailio: 2020-07-16 - Kamailio rewrite for header parser better fi...

CVE-2017-16872

An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message like cseq, ttl, port, etc. all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted bac...

CVE-2016-1466

Cisco Unified Communications Manager IM and Presence Service 9.11 SU6, 9.11 SU6a, 9.11 SU7, 10.52 SU2, 10.52 SU2a, 11.01 SU1, and 11.51 allows remote attackers to cause a denial of service sipd process restart via crafted headers in a SIP packet, aka Bug ID CSCva39072...

Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability

According to its self-reported version, the version of the Cisco Unified IP Phone software running on the remote device does not properly process SIP headers. By sending a specially crafted SIP header to the device, a remote attacker may be able to cause the phone to unregister, resulting in a...

Ubuntu Update for opal vulnerability USN-562-1

Ubuntu Update for Linux kernel vulnerabilities USN-562-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5621.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for opal vulnerability USN-562-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-562-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 6.06 LTS / 6.10 / 7.04 : opal vulnerability (USN-562-1)

Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal e.g. Ekiga causing it to crash, leading to a denial of service. Note that Tenable Network Security has extracted the...

USN-562-1: opal vulnerability

Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal e.g. Ekiga causing it to crash, leading to a denial of service...