Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-bounds Read in Sofia-SIP
Vulnerability Description
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
Sofia-SIP 缓冲区错误漏洞
Vulnerability Description
Sofia-SIP是freeswitch个人开发者的一个开源的 SIP 用户代理库,符合 IETF RFC3261 规范。 Sofia-SIP 1.13.8之前版本存在缓冲区错误漏洞,该漏洞源于应用中#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)存在问题。攻击者可以利用该漏洞向FreeSWITCH发送带有恶意sdp消息,导致应用崩溃。
CVSS Information
N/A
Vulnerability Type
N/A