CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3120 – Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep
https://notcve.org/view.php?id=CVE-2024-3120
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages. Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en todas las versiones de sngrep desde la v1.4.1. La falla se debe a una verificación inadecuada de los límites al copiar los encabezados 'Content-Length' y 'Warning' en búferes de tamaño fijo en las funciones sip_validate_packet y sip_parse_extra_headers dentro de src/sip.c. • https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6 https://github.com/irontec/sngrep/releases/tag/v1.8.1 https://pentraze.com/vulnerability-reports • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3119 – Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
https://notcve.org/view.php?id=CVE-2024-3119
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. Existe una vulnerabilidad de desbordamiento del búfer en todas las versiones de sngrep desde la v0.4.2, debido al manejo inadecuado de los encabezados SIP 'Call-ID' y 'X-Call-ID'. Las funciones sip_get_callid y sip_get_xcallid en sip.c usan la función strncpy para copiar el contenido del encabezado en buffers de tamaño fijo sin verificar la longitud de los datos. • https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f https://github.com/irontec/sngrep/releases/tag/v1.8.1 https://pentraze.com/vulnerability-reports • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36192
https://notcve.org/view.php?id=CVE-2023-36192
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. • https://github.com/irontec/sngrep/issues/438 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31981
https://notcve.org/view.php?id=CVE-2023-31981
Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. • https://github.com/irontec/sngrep/issues/430 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31982
https://notcve.org/view.php?id=CVE-2023-31982
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. • https://github.com/irontec/sngrep/issues/431 • CWE-787: Out-of-bounds Write •