CVE-2017-11654

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SIPcrack version 0.2

Description An out-of-bounds read and write flaw was found in the way SIPcrack processed SIP traffic, due to mishandling of 0x00 termination of a payload array. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.

Recommendations For SIPcrack version 0.2, consider restricting access to the sipdump process until a patch is available to prevent potential crashes caused by specially crafted SIP traffic.

Exploit

Fix

Memory Corruption

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-125

Related Identifiers

CVE-2017-11654

Affected Products

Debian

Sipcrack

CVE-2017-11654

Weakness Enumeration

Related Identifiers

Affected Products

References · 9