Security Advisories

Published security advisories covering vulnerabilities in VoIP, WebRTC, and telecommunications software by Enable Security.

security advisories

Nov 20, 2020

sngrep: stack overflow via malformed SDP connection address

sngrep denial of service

Nov 6, 2020

Asterisk: crash via INVITE flood over TCP Medium 5.3

CVE-2020-28327 asterisk denial of service

Sep 1, 2020

Kamailio: header smuggling via remove_hf bypass Medium 5.4

CVE-2020-28361 kamailio

Mar 19, 2018

Kamailio: off-by-one heap overflow Critical 9.8

CVE-2018-8828 kamailio heap overflow denial of service

Feb 22, 2018

Asterisk PJSIP: stack corruption via large Accept header in SUBSCRIBE High 7.5

CVE-2018-7284 asterisk pjsip stack corruption denial of service

Feb 22, 2018

Asterisk PJSIP: crash via repeated INVITE messages over TCP/TLS Medium 6.5

CVE-2018-7286 asterisk pjsip denial of service

Feb 22, 2018

Asterisk PJSIP: crash via invalid SDP media format description High 7.5

CVE-2018-1000098 asterisk pjsip denial of service

Feb 22, 2018

Asterisk PJSIP: crash via invalid SDP fmtp attribute High 7.5

CVE-2018-1000099 asterisk pjsip denial of service

Sep 1, 2017

Asterisk: RTP Bleed vulnerability High 7.5

CVE-2017-14099 asterisk owasp

May 23, 2017

Asterisk PJSIP: heap overflow in CSeq header parsing High 7.5

CVE-2017-9372 asterisk pjsip heap overflow