CVE-2018-12584
Published: 2018-07-16
Priority: P268 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available (see references: Exploit-DB 45174, Packet Storm 148856)
EPSS: 24.59% (97.6th percentile)
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | 1:1.9.7-5+deb8u1 (jessie; DLA of 2018-07) |
| debian | debian_linux | — | — (later DLA of 2021-12, see references) |
| resiprocate | resiprocate | <= 1.10.2 | upstream commit 2cb291191c93c7c4e371e22cb89805a5b31d6608 |
Detection & IOCs (extracted from sources)

Trigger message from the advisory PoC: a REGISTER whose headers arrive in one TLS record with Content-Length: 100, while the body, larger than 100 bytes, arrives in a subsequent record (the Contact, To and From values were not preserved in the source excerpt):
REGISTER sip:<server> SIP/2.0
Via: SIP/2.0/TCP <via>
Contact: 
To: 
From: 
CSeq: <n> REGISTER
Expires: 600
Content-Length: 100
(empty line ends the headers; the oversized body follows in the next TLS record)

- Trigger condition: a SIP message over TLS (request or response) whose Content-Length is lower than the length of the body that follows in a subsequent TLS record. Detect by comparing the declared Content-Length with the body actually received. This requires the decrypted stream (TLS-terminating SBC, proxy export, or host-side capture): on port 5061 itself the payload is ciphertext, so a passive sensor on the wire cannot see the mismatch.
- The overflow is reachable only over TLS (by default port 5061); the plain TCP transport path does not trigger it. Host-side, the vulnerable call path is ConnectionBase::preparseNewBytes, so unexplained crashes of reSIProcate-based processes serving TLS are worth correlating with this issue.
- No SIP authentication is required: unauthenticated REGISTER or SUBSCRIBE requests over TLS with a mismatched Content-Length should be flagged.
- Client-side vector: a malicious SIP server can trigger the overflow in a reSIProcate-based client by answering a SUBSCRIBE with a 200 OK whose Content-Length is smaller than the body it then sends.
- The heap overflow is reachable only when TLS is enabled in reSIProcate; deployments using TCP-only transport are not affected.
- Affected versions: reSIProcate through 1.10.2. Fixed upstream in commit 2cb291191c93c7c4e371e22cb89805a5b31d6608; 3CX Phone System 15.5.13470.6 and later, and the Debian package 1:1.9.7-5+deb8u1, include the fix.
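The mismatch described in the bullets above can be checked mechanically once the SIP bytes are in the clear. The following Python is an added example written for this page, not code from reSIProcate or from the advisory. It assumes a reassembled plaintext SIP stream (for example exported from a TLS-terminating SBC or a debug capture), and the sample messages inside it are constructed for the example, not captured traffic. It generalises the trigger slightly: rather than looking only for REGISTER or SUBSCRIBE, it flags any message whose bytes after the declared body do not begin a new SIP message, which is the shape a stream parser such as preparseNewBytes would mis-handle.

```python
"""Flag SIP messages whose body overruns the declared Content-Length.

Added example for this page, not reSIProcate code. Assumes the SIP bytes are
visible in the clear (e.g. exported from a TLS-terminating SBC or a debug
capture); on port 5061 itself the payload is ciphertext.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Core RFC 3261 methods plus common extensions; add any others your deployment uses.
SIP_METHODS = {"REGISTER", "INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "SUBSCRIBE",
               "NOTIFY", "PUBLISH", "MESSAGE", "REFER", "INFO", "PRACK", "UPDATE"}
# Request line "METHOD uri SIP/2.0" or status line "SIP/2.0 ddd reason", CRLF-terminated.
START_LINE_RE = re.compile(rb"(?:([A-Z]+) \S+ SIP/2\.0|SIP/2\.0 \d{3} [^\r\n]*)\r\n")


@dataclass
class Alert:
    start_line: str    # start line of the message whose body overran
    declared_len: int  # Content-Length as sent
    observed_len: int  # body bytes actually seen before the next valid start line


def _content_length(header_block: bytes) -> Optional[int]:
    """Content-Length (long or compact 'l' form); None if absent or malformed."""
    for line in header_block.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() in (b"content-length", b"l"):
            try:
                n = int(value.strip())
            except ValueError:
                return None
            return n if n >= 0 else None
    return None


def _looks_like_start(buf: bytes) -> bool:
    """True if buf begins with a plausible SIP request or status line."""
    m = START_LINE_RE.match(buf)
    if not m:
        return False
    method = m.group(1)
    return method is None or method.decode("ascii") in SIP_METHODS


def _next_start(stream: bytes, start: int) -> int:
    """Offset of the next CRLF-preceded start line at/after start, else len(stream)."""
    i = start
    while True:
        i = stream.find(b"\r\n", i)
        if i < 0:
            return len(stream)
        if _looks_like_start(stream[i + 2:]):
            return i + 2
        i += 2


def inspect_stream(stream: bytes) -> List[Alert]:
    """Walk a reassembled SIP stream message by message and flag body overruns."""
    alerts: List[Alert] = []
    pos = 0
    while pos < len(stream):
        while stream.startswith(b"\r\n", pos):    # CRLF keep-alives between messages
            pos += 2
        end = stream.find(b"\r\n\r\n", pos)
        if pos >= len(stream) or end < 0:
            break                                  # nothing left, or headers incomplete
        header_block = stream[pos:end]
        body_start = end + 4
        # Content-Length is mandatory on stream transports (RFC 3261 section 20.14);
        # a missing or malformed value is treated as 0 so the walk can continue.
        declared = _content_length(header_block) or 0
        body_end = body_start + declared
        if body_end > len(stream):
            break                                  # declared body not fully received yet
        trailing = stream[body_end:].lstrip(b"\r\n")
        if trailing and not _looks_like_start(trailing):
            # Bytes follow the declared body but do not begin a new message:
            # the peer sent more body than it declared (the CVE's trigger shape).
            overrun_end = _next_start(stream, body_end)
            alerts.append(Alert(
                start_line=header_block.split(b"\r\n", 1)[0].decode("latin-1"),
                declared_len=declared,
                observed_len=len(stream[body_start:overrun_end].rstrip(b"\r\n")),
            ))
            pos = overrun_end
        else:
            pos = body_end
    return alerts


def inspect_chunks(chunks: List[bytes]) -> List[Alert]:
    """Reassemble record-sized chunks first: the overrun is only visible once the
    record carrying the oversized body has arrived."""
    return inspect_stream(b"".join(chunks))


# Constructed sample traffic for this example, not captured data.
BENIGN_CHUNKS = [
    b"REGISTER sip:sip.example SIP/2.0\r\nVia: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bK776\r\n"
    b"From: <sip:alice@sip.example>;tag=1\r\nTo: <sip:alice@sip.example>\r\n"
    b"Call-ID: 1@192.0.2.10\r\nCSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n",
    b"\r\n",                                       # keep-alive
    b"MESSAGE sip:bob@sip.example SIP/2.0\r\nCSeq: 2 MESSAGE\r\n"
    b"Content-Type: text/plain\r\nl: 8\r\n\r\nhi there",
    b"SIP/2.0 200 OK\r\nCSeq: 2 MESSAGE\r\nContent-Length: 0\r\n\r\n",
]
MALICIOUS_CHUNKS = [
    b"REGISTER sip:sip.example SIP/2.0\r\nVia: SIP/2.0/TLS 198.51.100.7:5061\r\n"
    b"CSeq: 1 REGISTER\r\nExpires: 600\r\nContent-Length: 100\r\n\r\n",
    b"A" * 400,                                    # next TLS record: 400-byte body
]

if __name__ == "__main__":
    for name, chunks in (("benign", BENIGN_CHUNKS), ("malicious", MALICIOUS_CHUNKS)):
        print(name, inspect_chunks(chunks))
```

Running the file scores both sample streams: the benign one yields no alert, the malicious one reports a REGISTER with Content-Length 100 followed by 400 body bytes. Two caveats apply. Trailing bytes that happen to parse as a new SIP start line are consumed as the next message, which is also what a SIP stack would do, so the check catches overruns that are not themselves well-formed SIP. And it is a sensor for the trigger condition, not evidence of successful exploitation; a hit on a host running a version through 1.10.2 with TLS enabled is what should be escalated.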
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
- OSV: 9.8 CRITICAL
GHSA
GHSA-wj2v-cw66-5qcg (unreviewed, 2022-05-13): CVE-2018-12584, CRITICAL, CWE-120 (buffer copy without checking size of input). Description as in the NVD text above.
OSV
CVE-2018-12584 (osv, published 2018-07-16): CRITICAL, CVSS 9.8. Description as in the NVD text above.
No detection rules found.
Bugzilla
CVE-2018-12584 resiprocate: buffer overflow in resip/stack/ConnectionBase.cxx [epel-all] (bugzilla, 2018-07-17, CVSS 9.8 CRITICAL; tracking bug 1602099)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2018-12584 resiprocate: buffer overflow in resip/stack/ConnectionBase.cxx (bugzilla, 2018-07-17, CVSS 9.8 CRITICAL)
A flaw was found in reSIProcate through 1.10.2. The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
References:
http://joachimdezutter.webredirect.org/advisory.html
Upstream Patch:
https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
Discussion:
Created resiprocate tracking bugs for this issue:
Affects: epel-all [bug 1602099]
Affects: fedora-all [bug 1602098]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red
Bugzilla
CVE-2018-12584 resiprocate: buffer overflow in resip/stack/ConnectionBase.cxx [fedora-all] (bugzilla, 2018-07-17, CVSS 9.8 CRITICAL; tracking bug 1602098)
References
- http://joachimdezutter.webredirect.org/advisory.html
- http://seclists.org/bugtraq/2018/Aug/14
- https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
- https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00029.html
- https://packetstormsecurity.com/files/148856/reSIProcate-1.10.2-Heap-Overflow.html
- https://www.exploit-db.com/exploits/45174/