Drachtio Server
Monthly
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in drachtio-server before 0.8.20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in drachtio-server before 0.8.20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.