SIPp NULL Pointer Dereference Vulnerability Leading to Denial-of-Service and Potential Arbitrary Code Execution
Vulnerability
A NULL pointer dereference vulnerability has been identified in SIPp version 3.7.3. This flaw occurs in the SendingMessage function, where the application fails to properly validate internal message structures. As a result, a remote attacker can send specially crafted Session Initiation Protocol (SIP) messages during an active call, causing the application to crash and create a denial-of-service condition. Under certain memory layout and runtime conditions, this vulnerability may also be exploited to execute unauthorized code, compromising the system's integrity and availability.
Impact
Exploitation of this vulnerability causes the application to crash, leading to a denial-of-service condition. However, under specific circumstances, it may also allow for local arbitrary code execution, affecting the integrity and availability of the system.
Reproduction
The vulnerability can be reproduced by using a malformed SIP message that exploits the NULL pointer dereference in the SendingMessage function. This can be done by replaying the crafted SIP messages during an active call, using AFLNet replay tooling.
Remediation
Users are advised to upgrade to SIPp version 3.7.6, where this vulnerability has been fixed.
