Multiple format string vulnerabilities in eStara SIP softphone allow remote malicious users to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
estara softphone |