CVSS 3.1 Score 9.0 of 10 (high)


Published Apr 10, 2024
CWE ID 120


CVE-2024-3120 is a stack-buffer overflow vulnerability that affects all versions of sngrep since v1.4.1. The vulnerability is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) by sending crafted SIP messages. It has a base severity of CRITICAL, with high impacts on integrity and confidentiality, and a base score of 9.0 according to CVSS:3.1. The vulnerability has been assigned CWE-120, indicating a classic buffer overflow issue. Remediation should involve updating sngrep to the latest version available to mitigate the risk posed to organizations using this software.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-3120 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options