CVE-2024-3119
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Apr 10, 2024
CWE ID 79
Summary
CVE-2024-3119 is a buffer overflow vulnerability affecting all versions of sngrep since v0.4.2. The issue arises from improper handling of the 'Call-ID' and 'X-Call-ID' SIP headers in the sip.c file. The functions sip_get_callid and sip_get_xcallid use the strncpy function to copy header contents into fixed-size buffers without checking the data length, leading to a buffer overflow. This vulnerability enables remote attackers to execute arbitrary code or cause a denial of service through specially crafted SIP messages.
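The missing length check described above, shown as an added example of the hardened pattern; this is not sngrep's code. CALLID_MAX, copy_checked, get_header and the sample messages are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define CALLID_MAX 16 /* hypothetical buffer size, kept small for the demo */
/* Constructed sample messages (not captured traffic). */
static const char OK_MSG[] = "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Call-ID: a1b2c3@host\r\nX-Call-ID: parent42\r\n\r\n";
static const char LONG_MSG[] = "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Call-ID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n\r\n";
/* Unsafe pattern, for comparison: the bound is the input's length, so it
 * limits nothing about the destination:  strncpy(dst, val, val_len);      */

/* Copy val_len bytes into dst only if they fit with a terminating NUL.
 * Oversized values are rejected, not truncated, so distinct IDs never merge. */
int copy_checked(char *dst, size_t dst_size, const char *val, size_t val_len)
{
    if (dst == NULL || val == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (val_len >= dst_size)
        return -1;
    memcpy(dst, val, val_len);
    dst[val_len] = '\0';
    return 0;
}

/* Find header `name` at the start of a line and copy its value into out. */
int get_header(const char *msg, const char *name, char *out, size_t out_size)
{
    size_t nlen = strlen(name);
    for (const char *line = msg; line != NULL && *line != '\0'; ) {
        if (strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *val = line + nlen + 1;
            val += strspn(val, " \t");
            return copy_checked(out, out_size, val, strcspn(val, "\r\n"));
        }
        line = strchr(line, '\n');
        if (line != NULL) line++;
    }
    return -1;
}

int main(void)
{
    char id[CALLID_MAX];
    printf("short: %d, long: %d\n", get_header(OK_MSG, "Call-ID", id, sizeof id),
           get_header(LONG_MSG, "Call-ID", id, sizeof id));
    return 0;
}
```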