Tags › Denial of Service
SIPGO: Response DoS vulnerability via nil pointer dereference
Published on Dec 17, 2025 in CVE-2025-68274, sipgo, denial of service, security advisory
- CVSS v4.0
  - Exploitability: High
  - Complexity: Low
  - Vulnerable system: High
  - Subsequent system: None
  - Exploitation: High
  - Security requirements: High
  - Vector: link
- Other references:
  - CVE-2025-68274
  - GHSA-c623-f998-8hhv
  - CWE-476: NULL Pointer Dereference
  - CWE-755: Improper Handling of Exceptional Conditions
- Fixed versions: >= v1.0.0-alpha-1
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2025-02-sipgo-response-dos/
- Reproduction tools: https://github.com/EnableSecurity/advisories/tree/master/ES2025-02-sipgo-response-dos
- Tested vulnerable versions: >= v0.3.0, < v1.0.0-alpha-1
- Timeline:
  - First discovery: 2025-08-31
  - Root cause analysis: 2025-08-31
  - Fix developed: 2025-08-31
  - Regression tests created: 2025-08-31
  - Enable Security advisory: 2025-12-17
Description
A nil pointer dereference vulnerability was discovered in the SIPGO library’s NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header.
Sandro talks RTC Security with Safety Detectives
Published on Aug 6, 2025 in voip security, denial of service
Our CEO discusses why generic security tools fail for voice protocols, how ESAP addresses RTC-specific vulnerabilities, and emerging AI threats in real-time communications.…
Rtpengine RTP Injection and Media Bleed Vulnerabilities (CVE-2025-53399)
Published on Jul 31, 2025 in voip security, research, rtpengine, denial of service, webrtc security, sip security
We published a critical security advisory for rtpengine affecting versions mr13.3.1.4 and lower, allowing RTP injection and media redirection attacks. These vulnerabilities can be exploited without man-in-the-middle positioning and affect both plaintext RTP and encrypted SRTP sessions. Organizations should upgrade to mr13.4.1.1 and review configuration settings.…
New White Paper: DTLS “ClientHello” Race Conditions in WebRTC Implementations
Published on Oct 15, 2024 in denial of service, freeswitch, webrtc security, asterisk
Our white paper on DTLS ClientHello race conditions in WebRTC reveals vulnerabilities in RTPEngine, Asterisk, FreeSWITCH, and Skype. We tested platforms including Janus, Discord, Google Meet, and Zoom, and provide mitigation strategies for secure real-time communication.…
A Novel DoS Vulnerability affecting WebRTC Media Servers
Published on Jun 25, 2024 in denial of service, freeswitch, webrtc security, asterisk
Executive summary (TL;DR)
A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP, specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and DTLS traffic and can be exploited to disrupt media sessions, compromising the availability of real-time communication services. Mitigations include filtering packets based on ICE-validated IP and port combinations. The article also indicates safe testing methods and strategies for detecting the attack.
FreeSWITCH: denial of service via DTLS Hello packets during call initiation
Published on Dec 22, 2023 in CVE-2023-51443, freeswitch, denial of service, security advisory
- Fixed versions: 1.10.11
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2023-02-freeswitch-dtls-hello-race/
- Vendor Security Advisory: https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6
- Other references: CVE-2023-51443
- Tested vulnerable versions: 1.10.10
- Timeline:
  - Report date: 2023-09-27
  - Triaged: 2023-09-27
  - Fix provided for testing: 2023-09-29
  - Vendor release with fix: 2023-12-22
  - Enable Security advisory: 2023-12-22
TL;DR
When handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.
…
rtpengine: denial of service via DTLS Hello packets during call initiation
Published on Dec 15, 2023 in CVE-2023-51275, rtpengine, denial of service, security advisory
- Fixed versions: mr12.1.1.2, mr12.0.1.3, mr11.5.1.16, mr10.5.6.3, mr10.5.6.2, mr9.5.8.2, mr8.5.12.2
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2023-03-rtpengine-dtls-hello-race/
- Vendor Patch: https://github.com/sipwise/rtpengine/commit/e969a79428ac4a15cdf1c0a1c6f266dbdc7e60b6
- Other references: CVE-2023-51275
- Tested vulnerable versions: mr11.5.1.6
- Timeline:
  - Report date: 2023-10-02
  - Triaged: 2023-10-02
  - Fix provided for testing: 2023-11-16
  - Enable Security verified fix: 2023-12-14
  - Vendor release with fix: 2023-12-14
  - Enable Security advisory: 2023-12-15
TL;DR
When handling DTLS-SRTP for media setup, RTPEngine is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS encrypted calls during the attack.
…
Asterisk: denial of service via DTLS Hello packets during call initiation
Published on Dec 15, 2023 in CVE-2023-49786, asterisk, denial of service, security advisory
- Fixed versions: 18.20.1, 20.5.1, 21.0.1, 18.9-cert6
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2023-01-asterisk-dtls-hello-race/
- Vendor Security Advisory: https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
- Other references: CVE-2023-49786
- Tested vulnerable versions: 20.1.0
- Timeline:
  - Report date: 2023-09-27
  - Triaged: 2023-09-27
  - Fix provided for testing: 2023-11-09
  - Vendor release with fix: 2023-12-14
  - Enable Security advisory: 2023-12-15
TL;DR
When handling DTLS-SRTP for media setup, Asterisk is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.
…
OpenSIPS Security Audit Report is fully disclosed and out there
Published on Mar 17, 2023 in sip security, sip security testing, security tools, opensips, kamailio, fuzzing, denial of service, research
It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report.
The OpenSIPS security audit report can be found here.
What is the OpenSIPS security audit?
OpenSIPS is a SIP server that often has a critical security function within an IP communications system. Thus, it makes absolute sense to perform a thorough security audit for such software. We had been dealing with OpenSIPS servers from time to time in our work so we were rather familiar with the software and the project itself. Then back in January 2021, the lead developer for OpenSIPS, Bogdan-Andrei Iancu, asked us if we would be interested in doing some proper security work. Naturally, our answer was yes please!
…
How to perform a DDoS attack simulation
Published on Nov 29, 2022 in denial of service, voip security
TL;DR
A DDoS simulation is a practical exercise that various organisations are capable of doing. Understand the reasons why you would want to do this, then combine custom with off-the-shelf attack tools. Follow the best practices, apply solutions and mitigation; and you can finally answer: what if we got attacked?
Introduction
In this post, we give an overview of how you too can perform your own distributed denial of service (DDoS) simulation exercises. We focus on attacking real-time communications systems because this is an area where DoS attacks can really cause damage. But the instructions and ideas outlined in this text will apply to any system in general that you might need to test. Even if in this article we do not really focus on the defensive side of protecting against DoS, ultimately the goal is to design and implement solutions that actually work for the systems and applications that need to be protected.
…