Zwell

**Name of the Vulnerable Software and Affected Versions** CounterPath X-Lite version 3.0 34025 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device crash, by sending a SIP INVITE message without a Content-Type header. **Recommendations** For CounterPath X-Lite version 3.0 34025, consider restricting or validating SIP INVITE messages to prevent those without a Content-Type header from being processed, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WengoPhone version 2.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device crash. This can be achieved by sending a SIP INVITE message without a Content-Type header. **Recommendations** For WengoPhone version 2.1, consider implementing validation for SIP INVITE messages to ensure they contain a Content-Type header, or apply a patch if one becomes available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CounterPath eyeBeam SIP Softphone (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a device crash or hang, by sending SIP INVITE commands with a long header field name. This can occur during startup or during a call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.