CVE-2018-25356
HighSummary
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code.
Risk Assessment
Attackers can exploit this vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, leading to uncontrolled memory writes.
Recommendation
It is recommended to update to the latest version of SIPp to mitigate this vulnerability and to monitor application logs for potential attack attempts.
Original NVD description (English source)
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, causing strcpy to write beyond buffer boundaries in sipp.cpp.

