CVE Catalog

CVE-2018-25356

High
Published: Translated: NVD NIST

Summary

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code.

Risk Assessment

Attackers can exploit this vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, leading to uncontrolled memory writes.

Recommendation

It is recommended to update to the latest version of SIPp to mitigate this vulnerability and to monitor application logs for potential attack attempts.

Original NVD description (English source)

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, causing strcpy to write beyond buffer boundaries in sipp.cpp.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS