Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack


Malicious actors could use a major vulnerability in the Linphone Session Initiation Protocol (SIP) client suite to crash applications from afar.

By delivering a specifically designed INVITE request to the targeted client, the security flaw, dubbed CVE202133056 and described as a NULL pointer dereference, can be exploited remotely and without user input. The client crashes as a result of the exploit, resulting in a denial of service (DoS) situation.

Read More…