Condorlab

Libosip2 – SIP message body length underflow in Libosip allow DoS


Advisory IDRSN-SIP-1563


Vulnerability Information

 

In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message canlead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.  For more information on the affected versions, CVE-2017-7853 was assigned for this bug.


Release Date

2017-04-13 00:00:00


Solutions

 

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

 

 

The oSIP library

https://savannah.gnu.org/support/index.php?109265

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853