Unrated severityNVD Advisory· Published Jun 22, 2007· Updated Apr 23, 2026

CVE-2007-3369

Description

Buffer overflow in Polycom SoundPoint IP 601 SIP phone allows remote denial of service via crafted INVITE with long Via header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Polycom SoundPoint IP 601 SIP phone allows remote denial of service via crafted INVITE with long Via header.

Vulnerability

Buffer overflow vulnerability in the Polycom SoundPoint IP 601 SIP phone running BootROM 3.0.x+ and SIP version 1.6.3.0067. The flaw exists in the handling of the Via header in INVITE messages, where a long header triggers a buffer overflow.

Exploitation

An unauthenticated remote attacker can exploit this by sending a specially crafted SIP INVITE message with an overly long Via header to the affected device. No user interaction or prior authentication is required.

Impact

Successful exploitation causes the device to hang or reboot, resulting in a denial of service. No code execution or data compromise is indicated.

Mitigation

No mitigation details are provided in the available references. Users should contact Polycom for firmware updates or apply vendor recommendations if available.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Polycom/Soundpoint IP 6012 versions
cpe:2.3:h:polycom:soundpoint_ip_601:1.6.3.0067_bootrom_3.0.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:polycom:soundpoint_ip_601:1.6.3.0067_bootrom_3.0.0:*:*:*:*:*:*:*
- (no CPE)range: BootROM 3.0.x+ and SIP version 1.6.3.0067

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000