Primary

Context

SIPp Buffer Overflow Vulnerability Allowing Code Execution or Application Crash

Vulnerability

A local buffer overflow vulnerability has been identified in SIPp versions through 3.6. This vulnerability arises from improper handling of command-line arguments, specifically the -3pcc, -i, and -log_file parameters. The issue allows local attackers to cause application crashes or execute arbitrary code by supplying oversized input, which is mishandled by the strcpy function, leading to memory corruption.

Impact

Exploitation of this vulnerability can result in a local application crash or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using SIPp 3.6 or an earlier version. Oversized input can be sent through the -3pcc, -i, or -log_file command-line parameters. This input will overflow the buffer, allowing for potential code execution or causing the application to crash.

Added: May 26, 2026, 9:12 PM

Updated: May 26, 2026, 9:12 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.0

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.0

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SIPp Buffer Overflow Vulnerability Allowing Code Execution or Application Crash

Vulnerability

Impact

Reproduction

Affected Products

SIPp

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating