Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack
01-Sep-21
Malicious actors could use a major vulnerability in the Linphone Session Initiation Protocol (SIP) client suite to crash applications from afar.
By delivering a specifically designed INVITE request to the targeted client, the security flaw, dubbed CVE202133056 and described as a NULL pointer dereference, can be exploited remotely and without user input. The client crashes as a result of the exploit, resulting in a denial of service (DoS) situation.
