CVE-2025-68274

Name of the Vulnerable Software and Affected Versions SIPGO versions 0.3.0 through 1.0.0-alpha-1

Description SIPGO is a library for writing SIP services in the GO language. A nil pointer dereference exists in the NewResponseFromRequest function, impacting normal SIP operations. This allows a remote attacker to crash a SIP application by sending a malformed SIP request lacking a To header. The issue arises because the response creation code assumes the To header exists without checking if it is nil, even when SIP message parsing succeeds for a request missing the To header. This affects routine operations such as call setup, authentication, and message handling.

Recommendations Versions prior to 1.0.0-alpha-1 should be updated to version 1.0.0-alpha-1 or later.