CVE-2024-3119 - Vulnerability Details - OpenCVE

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Irontec	Sngrep

Configuration 1 [-]

cpe:2.3:a:irontec:sngrep:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f
https://github.com/irontec/sngrep/releases/tag/v1.8.1
https://pentraze.com/vulnerability-reports/

History

Mon, 03 Feb 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Irontec Irontec sngrep
Weaknesses		CWE-787
CPEs		cpe:2.3:a:irontec:sngrep::::::::
Vendors & Products		Irontec Irontec sngrep

MITRE

Status: PUBLISHED

Assigner: Pentraze

Published: 2024-04-09T23:55:43.501Z

Updated: 2024-08-08T21:20:41.031Z

Reserved: 2024-03-31T17:10:09.267Z

Link: CVE-2024-3119

Vulnrichment

Updated: 2024-08-01T19:32:42.915Z

NVD

Status : Analyzed

Published: 2024-04-10T00:15:12.107

Modified: 2025-02-03T17:43:02.523

Link: CVE-2024-3119

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3119", "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "state": "PUBLISHED", "assignerShortName": "Pentraze", "dateReserved": "2024-03-31T17:10:09.267Z", "datePublished": "2024-04-09T23:55:43.501Z", "dateUpdated": "2024-08-08T21:20:41.031Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "sngrep", "vendor": "irontec", "versions": [{"lessThanOrEqual": "1.8.0", "status": "affected", "version": "0.4.2", "versionType": "semver"}]}], "datePublic": "2024-04-09T23:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.<br>"}], "value": "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "shortName": "Pentraze", "dateUpdated": "2024-04-09T23:55:43.501Z"}, "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f"}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"}, {"url": "https://pentraze.com/vulnerability-reports/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to sngrep version 1.8.1"}], "value": "Upgrade to sngrep version 1.8.1"}], "source": {"discovery": "UNKNOWN"}, "title": "Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.915Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f", "tags": ["x_transferred"]}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1", "tags": ["x_transferred"]}, {"url": "https://pentraze.com/vulnerability-reports/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "irontec", "product": "sngrep", "cpes": ["cpe:2.3:a:irontec:sngrep:0.4.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.4.2", "status": "affected", "lessThanOrEqual": "1.8.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-10T19:23:53.437651Z", "id": "CVE-2024-3119", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T21:20:41.031Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f", "tags": ["x_transferred"]}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1", "tags": ["x_transferred"]}, {"url": "https://pentraze.com/vulnerability-reports/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.915Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3119", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-10T19:23:53.437651Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:irontec:sngrep:0.4.2:*:*:*:*:*:*:*"], "vendor": "irontec", "product": "sngrep", "versions": [{"status": "affected", "version": "0.4.2", "versionType": "custom", "lessThanOrEqual": "1.8.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T21:20:37.449Z"}}], "cna": {"title": "Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "irontec", "product": "sngrep", "versions": [{"status": "affected", "version": "0.4.2", "versionType": "semver", "lessThanOrEqual": "1.8.0"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to sngrep version 1.8.1", "supportingMedia": [{"type": "text/html", "value": "Upgrade to sngrep version 1.8.1", "base64": false}]}], "datePublic": "2024-04-09T23:10:00.000Z", "references": [{"url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f"}, {"url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"}, {"url": "https://pentraze.com/vulnerability-reports/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.\n", "supportingMedia": [{"type": "text/html", "value": "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "shortName": "Pentraze", "dateUpdated": "2024-04-09T23:55:43.501Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3119", "state": "PUBLISHED", "dateUpdated": "2024-08-08T21:20:41.031Z", "dateReserved": "2024-03-31T17:10:09.267Z", "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "datePublished": "2024-04-09T23:55:43.501Z", "assignerShortName": "Pentraze"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:irontec:sngrep:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0F03779-22C5-4146-AC72-7B5B1D8D008E", "versionEndExcluding": "1.8.1", "versionStartIncluding": "0.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en todas las versiones de sngrep desde la v0.4.2, debido al manejo inadecuado de los encabezados SIP 'Call-ID' y 'X-Call-ID'. Las funciones sip_get_callid y sip_get_xcallid en sip.c usan la funci\u00f3n strncpy para copiar el contenido del encabezado en buffers de tama\u00f1o fijo sin verificar la longitud de los datos. Esta falla permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de mensajes SIP especialmente manipulados."}], "id": "CVE-2024-3119", "lastModified": "2025-02-03T17:43:02.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-10T00:15:12.107", "references": [{"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "tags": ["Patch"], "url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f"}, {"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "tags": ["Release Notes"], "url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"}, {"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "tags": ["Third Party Advisory"], "url": "https://pentraze.com/vulnerability-reports/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://pentraze.com/vulnerability-reports/"}], "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}