Bshastry

**Name of the Vulnerable Software and Affected Versions** GNU oSIP versions 4.1.0 through 5.0.0 **Description** A malformed SIP message can cause a heap buffer overflow in the `msg osip body parse()` function, leading to a remote denial of service. This issue is related to the `osip message parse.c` file in the `osipparser2` directory. **Recommendations** For GNU oSIP versions 4.1.0 through 5.0.0, consider disabling the `msg osip body parse()` function as a temporary workaround until a patch is available. Restrict access to the `osipparser2` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU oSIP version 4.1.0 **Description** A heap buffer overflow issue exists due to a malformed SIP message. This issue is related to the osip clrncpy() function defined in osipparser2/osip port.c. **Recommendations** For GNU oSIP version 4.1.0, consider applying a patch or fix to address the heap buffer overflow issue in the osip clrncpy() function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU oSIP version 4.1.0 **Description** A malformed SIP message can cause a heap buffer overflow in the `osip body to str()` function, leading to a remote denial of service. The issue is related to the `osip body to str()` function defined in `osipparser2/osip body.c`. **Recommendations** For GNU oSIP version 4.1.0, consider disabling the `osip body to str()` function as a temporary workaround until a patch is available. Restrict access to the `osipparser2/osip body.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.