Bug#869404: resiprocate: CVE-2017-11521: Adding too many media connections may lead to memory exhaustion
Moritz Muehlenhoff
jmm at debian.org
Sat Sep 30 22:34:05 UTC 2017
On Sun, Jul 23, 2017 at 07:55:20AM +0200, Salvatore Bonaccorso wrote:
> Source: resiprocate
> Version: 1:1.9.7-5
> Severity: grave
> Tags: upstream security
> Forwarded: https://github.com/resiprocate/resiprocate/pull/88
>
> Hi,
>
> the following vulnerability was published for resiprocate.
>
> CVE-2017-11521[0]:
> | The SdpContents::Session::Medium::parse function in
> | resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote
> | attackers to cause a denial of service (memory consumption) by
> | triggering many media connections.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-11521
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11521
> [1] https://github.com/resiprocate/resiprocate/pull/88
What's the status, this is unfixed for many months now?
Cheers,
Moritz
More information about the Pkg-voip-maintainers
mailing list