Unrated severity · NVD Advisory · Published Apr 9, 2024 · Updated Aug 8, 2024
Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
CVE-2024-3119
Description
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.
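An added example, not sngrep's code and not part of the advisory: a header copy that checks the value length against the destination size before writing and rejects oversized values. The helper name `sip_copy_header`, the `CALLID_MAX` size and the sample message are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define CALLID_MAX 128 /* assumed destination size, not sngrep's value */
enum { HDR_OK = 0, HDR_MISSING = -1, HDR_TOO_LONG = -2 };

/* Hypothetical helper: copy the value of header `name` from `msg` into `out`.
 * The unsafe pattern is a strncpy() whose count comes from the message (the
 * matched value length); here the length is checked against the destination
 * size before anything is written, and oversized values are rejected. */
int sip_copy_header(const char *msg, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    if (outsz == 0) return HDR_TOO_LONG;
    out[0] = '\0';
    for (const char *line = msg; line && *line; ) {
        if (*line == '\r' || *line == '\n') break; /* blank line ends headers */
        if (strncasecmp(line, name, nlen) == 0) {  /* header names ignore case */
            const char *p = line + nlen;
            while (*p == ' ' || *p == '\t') p++;   /* whitespace before ':' */
            if (*p == ':') {
                p++;
                while (*p == ' ' || *p == '\t') p++;
                size_t vlen = strcspn(p, "\r\n");
                if (vlen >= outsz) return HDR_TOO_LONG; /* no room for NUL */
                memcpy(out, p, vlen);
                out[vlen] = '\0';
                return HDR_OK;
            }
        }
        line = strchr(line, '\n');                 /* advance to next line */
        if (line) line++;
    }
    return HDR_MISSING;
}

int main(void)
{
    /* Constructed SIP message, not captured traffic. */
    const char *msg = "INVITE sip:bob@example.invalid SIP/2.0\r\n"
                      "Call-ID: abc123@host.example\r\n"
                      "X-Call-ID: parent-1\r\n\r\n";
    char callid[CALLID_MAX];
    int rc = sip_copy_header(msg, "Call-ID", callid, sizeof callid);
    printf("rc=%d callid=%s\n", rc, callid);
    return 0;
}
```

Rejecting an oversized value instead of truncating it avoids correlating calls on a partial Call-ID.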
Affected products (5)
- osv-coords, 3 versions (range: < 1.8.1-bp155.2.3.1, + 2 more):
  - pkg:rpm/opensuse/sngrep&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/sngrep&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/sngrep&distro=SUSE%20Package%20Hub%2015%20SP5
- (no CPE) range: < 1.8.1-bp155.2.3.1
- (no CPE) range: < 1.8.1-1.1
- (no CPE) range: < 1.8.1-bp155.2.3.1