Red Hat Bugzilla – Bug 296371
CVE-2007-4924 ekiga remote crash caused by insufficient input validation
Last modified: 2016-03-04 06:06:36 EST
José Miguel Esparza discovered that insufficient input validation is performed
on SIP protocol header field 'Content-Length' by opal library used by ekiga.
This flaw can be used to write '\0' byte to attacker-controlled address and
crash ekiga. Ekiga 2.0.10 using opal library 2.2.10 was released to address
Ekiga 2.0.10 release notes:
CVS commit pointed out by upstream:
(some of the previous commits may be required to get complete checks / fix)
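The class of check this report concerns, as an added example in C (not opal's or ekiga's code, and not the CVS patch): a Content-Length value is accepted only if it is a plain decimal number no larger than the body bytes actually received, so the terminating '\0' always lands inside the buffer. The function names and the buffer layout are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Accept a Content-Length value only if it is a plain decimal number that does
 * not exceed `available`, the count of body bytes actually received. */
static int parse_content_length(const char *value, size_t available, size_t *out)
{
    char *end;
    unsigned long long n;

    while (*value == ' ' || *value == '\t')
        value++;
    if (!isdigit((unsigned char)*value))    /* rejects "", "-1", "+5", "abc" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0')    /* overflow, or trailing junk "5x" */
        return -1;
    if (n > available)                      /* claims more than was received */
        return -1;
    *out = (size_t)n;
    return 0;
}

/* NUL-terminate the body in buf. cap: buffer size; body_off: body start;
 * received: total bytes read into buf. Returns -1 without writing on error. */
static int terminate_body(char *buf, size_t cap, size_t body_off,
                          size_t received, const char *cl_value)
{
    size_t len;

    if (body_off > received || received >= cap)   /* keep room for the '\0' */
        return -1;
    if (parse_content_length(cl_value, received - body_off, &len) != 0)
        return -1;
    buf[body_off + len] = '\0';                   /* index <= received < cap */
    return 0;
}

int main(void)
{
    char buf[16] = "\r\n\r\nbody";   /* constructed sample: 4 + 4 bytes */
    return terminate_body(buf, sizeof buf, 4, 8, "4") == 0 ? 0 : 1;
}
```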
Created attachment 208511
Patch backported from CVS.
Fixed in affected products:
Red Hat Enterprise Linux: