Security News > 2021 > September > Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices

Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices
2021-09-02 04:58

Cybersecurity researchers on Tuesday disclosed details about a zero-click security vulnerability in Linphone Session Initiation Protocol stack that could be remotely exploited without any action from a victim to crash the SIP client and cause a denial-of-service condition.

Linphone is an open-source and cross-platform SIP client with support for voice and video calls, end-to-end encrypted messaging, and audio conference calls, among others.

To that end, the remotely exploitable vulnerability can be activated by adding a malicious forward slash to a SIP message header such as To, From, or Diversion, resulting in a crash of the SIP client application that uses the belle-sip library to handle and parse SIP messages.

"Therefore, a generic URI such as a simple single forward slash will be considered a SIP URI. This means that the given URI will not contain a valid SIP scheme, and so when the [string] compare function is called with the non-existent scheme, a null pointer dereference will be triggered and crash the SIP client."

It's worth noting that the flaw is also a zero-click vulnerability as it's possible to cause the SIP client to crash simply by sending an INVITE SIP request with a specially-crafted From/To/Diversion header.

As a consequence, any application that uses belle-sip to analyze SIP messages will be rendered unavailable upon receiving a malicious SIP "Call."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/xH931z1FQJo/linphone-sip-stack-bug-could-let.html