Bug 27760 - libosip2 security vulnerability CVE-2017-7853
Summary: libosip2 security vulnerability CVE-2017-7853
Status: RESOLVED DUPLICATE of bug 20758
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-06 15:18 CET by Zombie Ryushu
Modified: 2020-12-06 17:26 CET (History)
0 users

See Also:
Source RPM: libosip2-5.0.0-4.mga8.src
CVE: CVE-2017-7853
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2020-12-06 15:18:22 CET 
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
Zombie Ryushu 2020-12-06 15:18:41 CET

CVE: (none) => CVE-2017-7853

Comment 1 David Walser 2020-12-06 17:26:28 CET 
Already reported and FIXED.

*** This bug has been marked as a duplicate of bug 20758 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.