VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 12, 2021· Updated Aug 4, 2024

CVE-2021-43610

CVE-2021-43610

Description

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An invalid From header with a request URI lacking a parameter in an unauthenticated SIP message can crash Belle-sip before 5.0.20, affecting applications like Linphone.

Vulnerability

Belle-sip versions before 5.0.20 contain a crash vulnerability triggered by an invalid From header in an unauthenticated SIP message. Specifically, a request URI without a parameter (e.g., sip:user@host without a ; parameter) causes a null pointer dereference or similar crash. The issue is distinct from CVE-2021-33056. Affected versions: all prior to 5.0.20. [1][2]

Exploitation

An attacker can send a crafted SIP message with a malformed From header containing a request URI that lacks any parameters. No authentication is required; the message is processed by the SIP stack. The crash occurs during parsing of the From header. [1][2]

Impact

Successful exploitation causes a denial of service (DoS) by crashing the application (e.g., Linphone) that uses the vulnerable Belle-sip library. The crash is immediate upon receipt of the malicious message. No code execution or data disclosure is indicated. [1][2]

Mitigation

The fix was released in Belle-sip version 5.0.20, which includes a commit that addresses the crash by adding proper validation of the From header. Users should upgrade to 5.0.20 or later. No workaround is documented. [1][2]

References
  1. -fix via header of CANCEL request · BelledonneCommunications/belle-sip@d3f0651
  2. Comparing 5.0.18...5.0.20 · BelledonneCommunications/belle-sip

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.