Permalink
CVE-2026-0710
8.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability
A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability.
References
- https://access.redhat.com/security/cve/CVE-2026-0710 x_refsource_REDHAT vdb-entry
- RHBZ#2427788 issue-tracking x_refsource_REDHAT
Affected products
sipp
- ==3.7.3
Matching in nixpkgs
pkgs.sipp
SIPp testing tool
-
nixos-unstable 3.7.3-unstable-2025-01-22
- nixpkgs-unstable 3.7.3-unstable-2025-01-22
- nixos-unstable-small 3.7.3-unstable-2025-01-22