CVE-2017-11654 - An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, becaus

CVE-2017-11654

Summary

An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.

References

http://openwall.com/lists/oss-security/2017/07/26/1
http://www.securityfocus.com/bid/100023

Vulnerable Configurations

cpe:2.3:a:sipcrack_project:sipcrack:0.2:*:*:*:*:*:*:*
cpe:2.3:a:sipcrack_project:sipcrack:0.2:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 06-10-2022 - 18:55)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	100023
misc	http://openwall.com/lists/oss-security/2017/07/26/1

Last major update

06-10-2022 - 18:55

Published

26-07-2017 - 14:29

Last modified

06-10-2022 - 18:55