Candidate: CVE-2016-10324
PublicDate: 2017-04-13 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10324
Description:
 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap
 buffer overflow in the osip_clrncpy() function defined in
 osipparser2/osip_port.c.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860287
 https://savannah.gnu.org/support/index.php?109133
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libosip2:
 upstream: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
upstream_libosip2: needs-triage
precise_libosip2: ignored (reached end-of-life)
precise/esm_libosip2: DNE (precise was needed)
trusty_libosip2: ignored (reached end-of-life)
trusty/esm_libosip2: DNE (trusty was needed)
vivid/stable-phone-overlay_libosip2: DNE
vivid/ubuntu-core_libosip2: DNE
xenial_libosip2: released (4.1.0-2+deb8u1build0.16.04.1)
yakkety_libosip2: released (4.1.0-2+deb8u1build0.16.10.1)
zesty_libosip2: released (4.1.0-2+deb8u1build0.17.04.1)
artful_libosip2: not-affected (4.1.0-2.1)
bionic_libosip2: not-affected (4.1.0-2.1)
cosmic_libosip2: not-affected (4.1.0-2.1)
disco_libosip2: not-affected (4.1.0-2.1)
devel_libosip2: not-affected (4.1.0-2.1)