CVE-2016-10325

CWE-119Buffer Overflow7 documents6 sources
Severity
7.5HIGH
EPSS
0.5%
top 35.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Osip
Timeline
PublishedApr 13
Latest updateMay 17

Description

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debianlibosip2< 4.1.0-2.1+3
NVDgnu/osip4.1.0

Patches

Patch: savannah.gnu.orgPatch: savannah.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-5wmj-6qqf-8w27: In libosip2 in GNU oSIP 42022-05-17
CVEList
CVE-2016-10325: In libosip2 in GNU oSIP 42017-04-13
OSV
CVE-2016-10325: In libosip2 in GNU oSIP 42017-04-13

📋Vendor Advisories

1
Debian
CVE-2016-10325: libosip2 - In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer...2016

💬Community

2
Bugzilla
CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 libosip2: Multiple vulnerabilities2017-04-18
Bugzilla
CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 libosip2: Multiple vulnerabilities [fedora-all]2017-04-18