PT-2006-1789 · Estara · Estara Sip Softphone

Publicado

2006-02-17

Atualizado

2018-10-19

CVE-2006-0738

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions eStara SIP softphone (affected versions not specified)

Description The issue allows remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description. This can be achieved by including format string specifiers in specific fields, such as the field name, the o field (owner/creator and session identifier), or the m field (media name and transport address).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-0738

Produtos afetados

Estara Sip Softphone

PT-2006-1789 · Estara · Estara Sip Softphone

CVE-2006-0738

Identificadores relacionados

Produtos afetados

Referências · 7