[reSIProcate] Security hotfix (see crash after receiving invalid Via line)
Byron Campen
bcampen at estacado.net
Fri Nov 3 16:01:29 CST 2006
This bug allows an attacker to bring down a SIP element built on the
resip stack by sending a request with a single empty Via header. This
bug happens when we try to send a 400 to this malformed request. When
this is fixed, I propose we backport the fix to the resiprocate-1.0
branch, and release resiprocate-1.0.1 Any objections? (Or, additional
bugs of this nature that have been found?)
Best regards,
Byron Campen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2369 bytes
Desc: not available
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20061103/9e59134f/attachment.bin>
More information about the resiprocate-devel
mailing list