Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-bounds Read in Sofia-SIP
Vulnerability Description
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
Sofia-SIP 缓冲区错误漏洞
Vulnerability Description
Sofia-SIP是freeswitch个人开发者的一个开源的 SIP 用户代理库,符合 IETF RFC3261 规范。 Sofia-SIP 1.13.8之前版本存在缓冲区错误漏洞,该漏洞源于应用未能有效处理以&结尾的URL。攻击者可以利用该漏洞向FreeSWITCH发送带有恶意sdp消息,导致应用崩溃。
CVSS Information
N/A
Vulnerability Type
N/A