CVE-2024-3119

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Apr 10, 2024
CWE ID 79

Summary

CVE-2024-3119 is a buffer overflow vulnerability affecting all versions of sngrep since v0.4.2. The issue arises from the improper handling of the 'Call-ID' and 'X-Call-ID' SIP headers in the sip.c file. The functions sip_get_callid and sip_get_xcallid use the strncpy function to copy header contents into fixed-size buffers without checking the data length, leading to a buffer overflow. This vulnerability enables remote attackers to execute arbitrary code or cause a denial of service through specially crafted SIP messages.
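
The bug class described above and a bounded alternative, as an added example (this is not sngrep's code). The names find_header and get_header_bounded, the CALLID_MAX size and the sample messages are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define CALLID_MAX 64 /* assumed destination size, not sngrep's real value */

/* Constructed sample messages: one normal, one with a 70-byte Call-ID value. */
static const char SAMPLE_OK[] = "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710@pc33.example.invalid\r\nX-Call-ID: parent-1234\r\n\r\n";
static const char SAMPLE_LONG[] = "INVITE sip:bob@example.invalid SIP/2.0\r\nCall-ID: "
    "0123456789" "0123456789" "0123456789" "0123456789"
    "0123456789" "0123456789" "0123456789" "\r\n\r\n";
static char out[CALLID_MAX];

/* Unsafe pattern (comment only): strncpy(dst, value, value_len);
 * Here n is the length found in the packet, not the size of dst, so a
 * value longer than dst is written past the end of the buffer. */

/* Find "name:" at the start of a line; return the value and its length. */
static const char *find_header(const char *msg, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    for (const char *line = msg; line && *line; ) {
        if (strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            while (*v == ' ' || *v == '\t') v++;
            *len = strcspn(v, "\r\n");
            return v;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return NULL;
}

/* Bounded copy: 0 on success, -1 if the header is missing or does not fit. */
int get_header_bounded(const char *msg, const char *name, char *dst, size_t dstsz)
{
    size_t len;
    const char *v = find_header(msg, name, &len);
    if (v == NULL || dstsz == 0) return -1;
    if (len >= dstsz) { dst[0] = '\0'; return -1; } /* reject, never overflow */
    memcpy(dst, v, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    printf("ok=%d\n", get_header_bounded(SAMPLE_OK, "Call-ID", out, sizeof out));
    printf("long=%d\n", get_header_bounded(SAMPLE_LONG, "Call-ID", out, sizeof out));
    return 0;
}
```
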
