CVE-2024-3120 - OpenCVE

A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6
https://github.com/irontec/sngrep/releases/tag/v1.8.1
https://pentraze.com/vulnerability-reports/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Pentraze

Published: 2024-04-09T23:55:57.410Z

Updated: 2024-08-01T19:32:42.908Z

Reserved: 2024-03-31T17:10:14.906Z

Link: CVE-2024-3120

Vulnrichment

Updated: 2024-08-01T19:32:42.908Z

NVD

Status : Awaiting Analysis

Published: 2024-04-10T00:15:12.340

Modified: 2024-04-10T13:23:38.787

Link: CVE-2024-3120

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3120", "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "state": "PUBLISHED", "assignerShortName": "Pentraze", "dateReserved": "2024-03-31T17:10:14.906Z", "datePublished": "2024-04-09T23:55:57.410Z", "dateUpdated": "2024-08-01T19:32:42.908Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "sngrep", "vendor": "irontec", "versions": [{"lessThanOrEqual": "1.8.0", "status": "affected", "version": "1.4.1", "versionType": "semver"}]}], "datePublic": "2024-04-09T23:52:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages."}], "value": "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP\u00a0messages."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "shortName": "Pentraze", "dateUpdated": "2024-04-09T23:55:57.410Z"}, "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6"}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"}, {"url": "https://pentraze.com/vulnerability-reports/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to sngrep version 1.8.1"}], "value": "Upgrade to sngrep version 1.8.1"}], "source": {"discovery": "UNKNOWN"}, "title": "Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "irontec", "product": "sngrep", "cpes": ["cpe:2.3:a:irontec:sngrep:1.4.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.4.1", "status": "affected", "lessThanOrEqual": "1.8.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-11T17:09:06.528600Z", "id": "CVE-2024-3120", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T18:33:22.083Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.908Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6", "tags": ["x_transferred"]}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1", "tags": ["x_transferred"]}, {"url": "https://pentraze.com/vulnerability-reports/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6", "tags": ["x_transferred"]}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1", "tags": ["x_transferred"]}, {"url": "https://pentraze.com/vulnerability-reports/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.908Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3120", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-11T17:09:06.528600Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:irontec:sngrep:1.4.1:*:*:*:*:*:*:*"], "vendor": "irontec", "product": "sngrep", "versions": [{"status": "affected", "version": "1.4.1", "versionType": "custom", "lessThanOrEqual": "1.8.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T18:33:09.616Z"}}], "cna": {"title": "Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "irontec", "product": "sngrep", "versions": [{"status": "affected", "version": "1.4.1", "versionType": "semver", "lessThanOrEqual": "1.8.0"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to sngrep version 1.8.1", "supportingMedia": [{"type": "text/html", "value": "Upgrade to sngrep version 1.8.1", "base64": false}]}], "datePublic": "2024-04-09T23:52:00.000Z", "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6"}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"}, {"url": "https://pentraze.com/vulnerability-reports/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP\u00a0messages.", "supportingMedia": [{"type": "text/html", "value": "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "shortName": "Pentraze", "dateUpdated": "2024-04-09T23:55:57.410Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3120", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.908Z", "dateReserved": "2024-03-31T17:10:14.906Z", "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "datePublished": "2024-04-09T23:55:57.410Z", "assignerShortName": "Pentraze"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP\u00a0messages."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en todas las versiones de sngrep desde la v1.4.1. La falla se debe a una verificaci\u00f3n inadecuada de los l\u00edmites al copiar los encabezados 'Content-Length' y 'Warning' en b\u00faferes de tama\u00f1o fijo en las funciones sip_validate_packet y sip_parse_extra_headers dentro de src/sip.c. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de mensajes SIP manipulados."}], "id": "CVE-2024-3120", "lastModified": "2024-04-10T13:23:38.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "type": "Secondary"}]}, "published": "2024-04-10T00:15:12.340", "references": [{"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "url": "https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6"}, {"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"}, {"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "url": "https://pentraze.com/vulnerability-reports/"}], "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "type": "Secondary"}]}