Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP
Vulnerability Description
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
Sofia-SIP 缓冲区错误漏洞
Vulnerability Description
Sofia-SIP是freeswitch个人开发者的一个开源的 SIP 用户代理库,符合 IETF RFC3261 规范。 Sofia-SIP 存在安全漏洞,该漏洞源于应用解析sdp消息时会访问内存导致越界写入。攻击者可以利用该漏洞向FreeSWITCH发送带有恶意sdp消息,导致应用崩溃。
CVSS Information
N/A
Vulnerability Type
N/A