98 matches found
CVE-2024-3119
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
UBUNTU-CVE-2024-3120
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sipvalidatepacket and sipparseextraheaders functions within src/sip.c. This...
CVE-2024-3120 Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sipvalidatepacket and sipparseextraheaders functions within src/sip.c. This...
CVE-2024-3120
CVE-2024-3120 affects all versions of sngrep since v1.4.1. A stack-buffer overflow arises from inadequate bounds checking when copying the SIP headers ‘Content-Length’ and ‘Warning’ into fixed-size buffers in src/sip.c (sip_validate_packet and sip_parse_extra_headers). This allows remote attacker...
CVE-2024-3120 Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sipvalidatepacket and sipparseextraheaders functions within src/sip.c. This...
CVE-2024-3120
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sipvalidatepacket and sipparseextraheaders functions within src/sip.c. This...
CVE-2024-3119 Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
CVE-2024-3119
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
CVE-2024-3119
CVE-2024-3119 affects sngrep; all versions since v0.4.2 vulnerable due to improper handling of SIP headers. The functions sip_get_callid and sip_get_xcallid copy header data into fixed-size buffers with strncpy without validating length, enabling remote attackers to trigger arbitrary code executi...
CVE-2024-3119 Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
CVE-2024-3119 Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
Irontec Sngrep 安全漏洞
Irontec Sngrep is a tool from Irontec for displaying SIP call message streams from endpoints. A security vulnerability exists in Irontec Sngrep versions v1.4.1 through v1.8.1, which stems from copying Content-Length and Warning headers into the sipvalidatepacket and sipparseextraheaders functions...
Irontec Sngrep 缓冲区错误漏洞
Irontec Sngrep is a tool from Irontec for displaying SIP call message streams from endpoints. A security vulnerability exists in Irontec Sngrep versions v0.4.2 through v1.8.1, which stems from the functions sipgetcallid and sipgetxcallid in sip.c using the strncpy function to copy the contents of...
PT-2024-23843
Name of the Vulnerable Software and Affected Versions sngrep versions 1.4.1 and later Description A stack-buffer overflow issue exists due to inadequate bounds checking when copying Content-Length and Warning headers into fixed-size buffers in the sip validate packet and sip parse extra headers...
PT-2024-23832 · Sngrep +2 · Sngrep +2
Name of the Vulnerable Software and Affected Versions: sngrep versions 0.4.2 and later Description: A buffer overflow vulnerability exists due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip get callid and sip get xcallid in sip.c use the strncpy function to copy...
Stack-Based Buffer Overflow
sngrep is vulnerable to Stack-Based Buffer Overflow. The vulnerability exists in the packetsetpayload function of /src/packet.c where a stack-based buffer overflow could be triggered by a local attacker...
Heap-Based Buffer Overflow
sngrep is vulnerable to Heap-Based Buffer Overflow. The vulnerability exists in the capturepacketreasmip function of /src/capture.c where a stack-based buffer overflow could be triggered by a local attacker...
Out-of-Bounds Write
sngrep is vulnerable to Out-of-Bounds Write. The vulnerability is found in capturewscheckpacket within /src/capture.c which allows a local attacker to cause a heap-based buffer overflow...
SUSE CVE-2023-36192
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...
CVE-2023-36192
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...