Unrated severity · NVD Advisory · Published Apr 9, 2024 · Updated Feb 21, 2025
Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep
CVE-2024-3120
Description
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.
Affected products (5)
- osv-coords (3 versions): pkg:rpm/opensuse/sngrep&distro=openSUSE%20Leap%2015.5, pkg:rpm/opensuse/sngrep&distro=openSUSE%20Tumbleweed, pkg:rpm/suse/sngrep&distro=SUSE%20Package%20Hub%2015%20SP5; range: < 1.8.1-bp155.2.3.1 (+ 2 more)
- (no CPE) range: < 1.8.1-bp155.2.3.1
- (no CPE) range: < 1.8.1-1.1
- (no CPE) range: < 1.8.1-bp155.2.3.1