Impact
In the Linux kernel, parsing of SIP port numbers previously used simple_strtoul, which assumes NUL‑terminated strings and performs no bounds checking after skb data extraction. This could lead to memory corruption when receiving malformed SIP packets. The patch replaces these calls with a stricter helper that validates each digit against buffer limits, ensures numbers stay within UINT_MAX, and rejects excessively long sequences. By securing this parsing logic, the kernel no longer risks out‑of‑bounds reads or integer overflows caused by malformed input, preventing a potential denial‑of‑service condition.
Affected Systems
The vulnerability exists in the nf_conntrack_sip helper used by the Linux kernel's netfilter subsystem. All kernel versions that include the nf_conntrack_sip module and contain the old parsing code are impacted. The affected products are generic Linux kernels; specific versions are not listed in the CVE data. Systems that process SIP traffic through netfilter conntrack should update to a kernel version that includes the patch.
Risk and Exploitability
The CVSS score of 9.8 indicates a critical severity, and the use of unbounded parsing suggests a moderate to high risk for a kernel sending crafted SIP packets over the network a vulnerable host. EPSS score is <1%, and the issue is not listed in CISA KEV, indicating no known widespread exploitation as of the data release. Operators should treat this as a potential denial‑of‑service threat and apply the kernel update promptly.
OpenCVE Enrichment
Debian DLA