CVE-2021-43610

Published: Nov 12, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.

Affected (1)

Products: Linphone: Belle Sip

Linphone

1 product

Belle Sip

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linphone Belle Sip	Before 5.0.20

Related CWEs

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References (4)

https://github.com/BelledonneCommunications/belle-sip/commit/d3f0651531e45e91c2e60f3a16a8b612802e5d2d

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/BelledonneCommunications/belle-sip/compare/5.0.18...5.0.20

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/BelledonneCommunications/belle-sip/commit/d3f0651531e45e91c2e60f3a16a8b612802e5d2d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/BelledonneCommunications/belle-sip/compare/5.0.18...5.0.20

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.