Remote attackers can cause a denial of service (daemon crash) via a crafted UDP message that triggers a failure of the self assertion in libsofia-sip-ua/tport/tport.c.
Update to sofia-sip >= 1.13.14 to remove the vulnerability.
tport_t *tport_tsend(tport_t *self,
                     msg_t *msg,
                     tp_name_t const *_tpn,
                     tag_type_t tag, tag_value_t value, ...)
{
  [...]
  assert(self); // should not assert here when there's if (!self) right below handling that gracefully
  if (!self || !msg || !_tpn) {
    msg_set_errno(msg, EINVAL);
    return NULL;
  }
  [...]
}
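The pattern above, reduced to an added example that is not sofia-sip code and not part of the original advisory: an assert placed ahead of a NULL check terminates the process with SIGABRT, while the check alone returns an error. The names transport_t, send_asserting, send_checked and signal_from_null_self are hypothetical stand-ins, and each call runs in a forked child so the result can be observed.

```c
/* Added example, not sofia-sip code: hypothetical stand-ins for tport_tsend(). */
#include <assert.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct transport { int id; } transport_t;  /* hypothetical stand-in for tport_t */

/* Pattern from the advisory: the assert fires before the NULL check can run. */
transport_t *send_asserting(transport_t *self, const char *msg)
{
    assert(self);   /* aborts the whole process unless built with NDEBUG */
    if (!self || !msg) { errno = EINVAL; return NULL; }
    return self;
}

/* Hardened pattern: an invalid argument becomes an error return. */
transport_t *send_checked(transport_t *self, const char *msg)
{
    if (!self || !msg) { errno = EINVAL; return NULL; }
    return self;
}

/* Calls fn(NULL, "x") in a child process.
 * Returns the signal that killed the child, 0 on a clean exit, -1 on error. */
int signal_from_null_self(transport_t *(*fn)(transport_t *, const char *))
{
    fflush(NULL);                       /* avoid duplicated stdio buffers in the child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        fn(NULL, "x");
        _exit(0);                       /* reached only if fn returned */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int sig = signal_from_null_self(send_asserting);
    printf("asserting variant: %s\n", sig == SIGABRT ? "killed by SIGABRT" : "survived");
    sig = signal_from_null_self(send_checked);
    printf("checked variant:   %s\n", sig == 0 ? "returned an error" : "killed");
    return 0;
}
```

Because assert() compiles to nothing under NDEBUG, the same source can crash in one build and fail gracefully in another, so check how the deployed library was built.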
The issue was initially reported to another project, drachtio/drachtio-server#244,
and fixed in the fork davehorton/sofia-sip@13b2a13.