DescriptionThe Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2007:021, published Fri, 19 Oct 2007 17:00:00 +0000
SUSE Timeline for this CVECVE page created: Tue Jul 9 16:06:10 2013
CVE page last modified: Fri Oct 7 12:45:38 2022