Multiple security issues were reported in libosip2.

CVE-2016-10324 - In libosip2 in GNU oSIP, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
https://savannah.gnu.org/support/index.php?109133

CVE-2016-10325 - In libosip2 in GNU oSIP, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
https://savannah.gnu.org/support/index.php?109131

CVE-2016-10326 - In libosip2 in GNU oSIP, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.
https://savannah.gnu.org/support/index.php?109132

CVE-2017-7853 - In libosip2 in GNU oSIP, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
https://savannah.gnu.org/support/index.php?109265

Created libosip2 tracking bugs for this issue:
Affects: fedora-all [bug 1442990]

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.