Libosip Multiple Denial of Service Vulnerabilities

Libosip is prone to multiple denial of service vulnerabilities.

An attacker can exploit this issue to cause denial-of-service conditions.

Libosip 5.0.0 fixes the issues.

Information

Bugtraq ID: 92921
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-10326
CVE-2016-10325

Remote: Yes
Local: No
Published: Sep 13 2016 12:00AM
Updated: Apr 14 2017 07:05AM
Credit: Bhargava Shastry
Vulnerable: GNU libosip 4.1

Not Vulnerable: GNU libosip 5.0

References:

• Libosip Homepage (Antisip)
  
• Multiple DoS vulnerabilities in libosip2-4.1.0 (Seclists.org)
  
• sr #109131: Heap buffer overflow in `_osip_message_to_str` in libosip2-4.1.0 (GNU)
  
• sr #109132: Heap buffer overflow in *osip_body_to_str* in libosip2-4.1.0 (GNU)
  
• update ChangeLog (Git)
  

Source: www.securityfocus.com