Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SIPGO library has response DoS vulnerability via nil pointer dereference
Vulnerability Description
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
空指针解引用
Vulnerability Title
SIPGO 安全漏洞
Vulnerability Description
SIPGO是Emia个人开发者的一个用于在GO中编写快速SIP服务的SIP库。 SIPGO 0.3.0版本至1.0.0-alpha-1之前版本存在安全漏洞,该漏洞源于NewResponseFromRequest函数存在空指针取消引用,可能导致SIP应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A