CVE-2026-0710
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability.
Analysis
SIPp is vulnerable to a NULL pointer dereference that can be triggered by remote attackers sending malicious SIP messages during active calls, resulting in application crashes and denial of service. Under certain conditions, this vulnerability may also enable arbitrary code execution, potentially compromising system integrity and availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running SIPp and assess their exposure in production versus testing environments. Within 7 days: Implement network segmentation to restrict SIPp access to trusted sources only and disable SIPp if not actively required. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today