VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 12, 2021· Updated Aug 3, 2024

CVE-2021-33056

CVE-2021-33056

Description

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crash vulnerability in Belledonne Belle-sip before 4.5.20 allows denial of service via a crafted SIP message with an invalid From header.

Vulnerability

Belle-sip before version 4.5.20 contains a crash vulnerability in its SIP message parser when processing a malformed From header. The parser fails to handle certain invalid header values, leading to a null pointer dereference or similar memory corruption. This affects all products using belle-sip, including Linphone.

Exploitation

An unauthenticated attacker can send a crafted SIP message containing an invalid From header to a vulnerable instance. No special network position or authentication is required; the attacker only needs to be able to deliver a SIP message to the target.

Impact

Successful exploitation causes the belle-sip process to crash, resulting in a denial of service (DoS). The crash may disrupt ongoing calls or prevent the service from handling further SIP messages until restarted.

Mitigation

The vulnerability is fixed in belle-sip version 4.5.20, released on June 10, 2021 [2]. Users should upgrade to this version or later. The fix is implemented in commit 116e3eb48fe43ea63eb9f3c4b4b30c48d58d6ff0 [1]. No workarounds are documented; upgrading is the recommended action.

References
  1. Fix crash while receiving some kind of invalid from header. · BelledonneCommunications/belle-sip@116e3eb
  2. Comparing 4.5.15...4.5.20 · BelledonneCommunications/belle-sip

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.