DescriptionThe Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SR:2007:021, published Fri, 19 Oct 2007 17:00:00 +0000