Libosip2 – Vulnerability in libosip2 allow a heap based buffer overflow

Advisory IDRSN-SIP-1546

Vulnerability Information


In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to aheap buffer overflow in the osip_clrncpy() function defined inosipparser2/osip_port.c.  For more information on the affected versions, CVE-2016-10324 was assigned for this bug.

Release Date

2017-04-13 00:00:00




The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources




The oSIP library

Common Vulnerabilities and Exposures (CVE)