
14 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-36559

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.01056
Exploits: 0 | References: 4

Fedora
added 2024/03/15 1:50 a.m., 13 views

[SECURITY] Fedora 38 Update: baresip-3.10.1-1.fc38

A modular SIP user-agent with support for audio and video, and many IETF standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both IPv4 and IPv6. Additional modules provide support for audio codecs like Codec2, G.711, G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer...

AI score 7.4
Exploits: 0

Fedora
added 2024/03/15 1:6 a.m., 18 views

[SECURITY] Fedora 39 Update: baresip-3.10.1-1.fc39

A modular SIP user-agent with support for audio and video, and many IETF standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both IPv4 and IPv6. Additional modules provide support for audio codecs like Codec2, G.711, G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer...

AI score 7.4
Exploits: 0

Prion
added 2023/05/26 11:15 p.m., 26 views

Integer overflow

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow issues in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of attributes length check...

CVSS 5 | AI score 7.7 | EPSS 0.01056
Exploits: 0 | References: 4 | Affected Software: 2

CVE
added 2023/05/26 10:11 p.m., 72 views

CVE-2023-32307

Sofia-SIP (SIP UAs) has CVE-2023-32307 describing multiple vulnerabilities in STUN packet handling, including heap overflow and OOB read caused by missing attributes length checks. Attacks could crash or cause high memory usage; these issues were addressed in version 1.13.15, with upgrades advise...

CVSS 7.5 | AI score 7.9 | EPSS 0.01056
Exploits: 0 | References: 4 | Affected Software: 1

Debian
added 2023/05/24 10:39 a.m., 39 views

[SECURITY] [DSA 5410-1] sofia-sip

Debian Security Advisory DSA-5410-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2023 https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 7.1 | EPSS 0.0366
Exploits: 5

Debian CVE
added 2023/01/19 9:20 p.m., 29 views

CVE-2023-22741

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute, after ...

CVSS 9.8 | AI score 9.8 | EPSS 0.0238
Exploits: 1

Gentoo Linux
added 2022/10/31 12:0 a.m., 44 views

Sofia-SIP: Multiple Vulnerabilities

Background: Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description: Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no know...

CVSS 9.8 | AI score 3.1 | EPSS 0.0366
Exploits: 3

UbuntuCve
added 2022/05/31 8:15 p.m., 34 views

CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of an SDP message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil SDP to FreeSWITCH, causin...

CVSS 9.8 | AI score 7.2 | EPSS 0.0366
Exploits: 1 | References: 4

OSV
added 2022/05/31 12:0 a.m., 21 views

CVE-2022-31002 Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

CVSS 7.5 | AI score 7.4 | EPSS 0.01802
Exploits: 1 | References: 7

Positive Technologies
added 2022/02/16 12:0 a.m., 3 views

PT-2022-1914

Name of the Vulnerable Software and Affected Versions: PJSIP (affected versions not specified). Description: The issue is related to a buffer overflow in the PJSUA API when calling the pjsua_call_dump function. An attacker-controlled buffer argument may cause a buffer overflow if an output buffer...

CVSS 10 | AI score 7.6 | EPSS 0.0462
Exploits: 6 | References: 61

Tenable Nessus
added 2006/07/25 12:0 a.m., 74 views

sipXtapi INVITE Message CSeq Field Header Remote Overflow

The remote host is running a SIP user agent that appears to be compiled using a version of SIP Foundry's SipXtapi library before March 24, 2006. Such versions contain a buffer overflow flaw that is triggered when processing a specially crafted packet with a long value for the 'CSeq' field. A remo...

CVSS 7.5 | AI score 6.1 | EPSS 0.66993
Exploits: 14 | References: 3

Cvelist
added 2005/03/11 5:0 a.m., 18 views

CVE-2003-1110

The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent sipc 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test...

AI score 7.7 | EPSS 0.0531
Exploits: 1 | References: 7

CVE
added 2005/03/11 5:0 a.m., 39 views

CVE-2003-1110

The CVE-2003-1110 issue affects the Columbia SIP User Agent (sipc) 1.74 and older builds prior to sipc 2.0 (build 2003-02-21). The vulnerability arises in its SIP (Session Initiation Protocol) handling, where crafted INVITE messages can cause a denial of service or allow execution of arbitrary code...

CVSS 7.5 | AI score 7.8 | EPSS 0.0531
Exploits: 1 | References: 7 | Affected Software: 1