< Previous by Date Date Index Next by Date >
  Thread Index Next in Thread >

[reSIProcate] Security hotfix (see crash after receiving invalid Via line)


This bug allows an attacker to bring down a SIP element built on the resip stack by sending a request with a single empty Via header. This bug happens when we try to send a 400 to this malformed request. When this is fixed, I propose we backport the fix to the resiprocate-1.0 branch, and release resiprocate-1.0.1 Any objections? (Or, additional bugs of this nature that have been found?)

Best regards,
Byron Campen

Attachment: smime.p7s
Description: S/MIME cryptographic signature