10 matches found
CVE-2026-49475
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
EUVD-2007-3749
Malware in sbrugna...
CVE-2023-32307
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
CVE-2023-32307
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stunparseattrerrorcode and stunparseattruint32 were found because the lack of attributes length check...
CVE-2023-32307
Sofia-SIP (SIP UAs) has CVE-2023-32307 describing multiple vulnerabilities in STUN packet handling, including heap overflow and OOB read caused by missing attributes length checks. Attacks could crash or cause high memory usage; these issues were addressed in version 1.13.15, with upgrades advise...
CVE-2023-22741
Summary: CVE-2023-22741 affects Sofia-SIP’s handling of STUN packets, where the code does not validate message length and attribute length, enabling controllable heap overflow. This could allow remote code execution via heap grooming or related exploitation techniques. The issue originates from S...
PT-2023-6421 · Sofia-Sip +3 · Sofia-Sip +3
Name of the Vulnerable Software and Affected Versions: Sofia-SIP versions 1.12.4 and later, up to the version before the fix was introduced Description: The issue is related to the lack of message length and attributes length checks when handling STUN packets, leading to a controllable...
Cisco TelePresence Server Malformed STUN Packet Processing DoS (cisco-sa-20160406-cts2)
According to its self-reported version, the Cisco TelePresence Server running on the remote host is affected by a denial of service vulnerability due to improper processing of malformed Session Traversal Utilities for NAT STUN packets. An unauthenticated, remote attacker can exploit this, via...
KPhone buffer overflow
Stack overflow on parsing STUN packet...
KPhone 2.x3.x4.0.1 - Malformed STUN Packet Denial of Service
KPhone 2.x3.x4.0.1 - Malformed STUN Packet Denial of Service source: https://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP Session Initiation Protocol STUN message. This is due to insufficient...