CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtpcheckpacket at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted SIP packet...

7.5CVSS6AI score0.0021EPSS

Exploits1References4

Debian CVE•added 2024/05/29 7:6 p.m.•16 views

CVE-2024-35434

7.5CVSS7.5AI score0.0021EPSS

Exploits1

Positive Technologies•added 2024/05/29 12:0 a.m.•1 views

PT-2024-26504 · Irontec +1 · Sngrep +1

Name of the Vulnerable Software and Affected Versions: Irontec Sngrep version 1.8.1 Description: The issue is a heap buffer overflow that can be triggered via the rtp check packet function, located at /sngrep/src/rtp.c. This allows attackers to cause a Denial of Service DoS by sending a crafted S...

7.5CVSS7.2AI score0.0021EPSS

Exploits1References15

SUSE CVE•added 2024/04/11 2:31 a.m.•2 views

SUSE CVE-2024-3119

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...

9.8CVSS8.2AI score0.01895EPSS

Exploits0References4

OSV•added 2024/04/10 12:15 a.m.•4 views

CVE-2024-3120

A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sipvalidatepacket and sipparseextraheaders functions within src/sip.c. This...

9.8CVSS8.4AI score

Exploits0References3

OSV•added 2024/04/10 12:15 a.m.•2 views

DEBIAN-CVE-2024-3120

9.8CVSS9.1AI score0.03376EPSS

Exploits0References1

Positive Technologies•added 2024/04/09 12:0 a.m.•2 views

PT-2024-23832 · Sngrep +2 · Sngrep +2

Name of the Vulnerable Software and Affected Versions: sngrep versions 0.4.2 and later Description: A buffer overflow vulnerability exists due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip get callid and sip get xcallid in sip.c use the strncpy function to copy...

9.8CVSS9.7AI score0.03376EPSS

Exploits0References23

Positive Technologies•added 2024/04/09 12:0 a.m.•2 views

PT-2024-23843 · Sngrep +2 · Sngrep +2

Name of the Vulnerable Software and Affected Versions: sngrep versions 1.4.1 and later Description: A stack-buffer overflow issue exists due to inadequate bounds checking when copying Content-Length and Warning headers into fixed-size buffers in the sip validate packet and sip parse extra headers...

9.8CVSS9.8AI score0.03376EPSS

Exploits0References23

OSV•added 2023/05/09 2:15 p.m.•0 views

DEBIAN-CVE-2023-31981

Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packetsetpayload at /src/packet.c...

7.8CVSS7.7AI score0.00054EPSS

Exploits1References1