Candidate: CVE-2016-10326
PublicDate: 2017-04-13 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10326
Description:
 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap
 buffer overflow in the osip_body_to_str() function defined in
 osipparser2/osip_body.c, resulting in a remote DoS.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860287
 https://savannah.gnu.org/support/index.php?109132
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libosip2:
upstream_libosip2: needs-triage
precise_libosip2: ignored (reached end-of-life)
precise/esm_libosip2: DNE (precise was needed)
trusty_libosip2: ignored (reached end-of-life)
trusty/esm_libosip2: DNE (trusty was needed)
vivid/stable-phone-overlay_libosip2: DNE
vivid/ubuntu-core_libosip2: DNE
xenial_libosip2: released (4.1.0-2+deb8u1build0.16.04.1)
yakkety_libosip2: released (4.1.0-2+deb8u1build0.16.10.1)
zesty_libosip2: released (4.1.0-2+deb8u1build0.17.04.1)
artful_libosip2: not-affected (4.1.0-2.1)
bionic_libosip2: not-affected (4.1.0-2.1)
cosmic_libosip2: not-affected (4.1.0-2.1)
disco_libosip2: not-affected (4.1.0-2.1)
devel_libosip2: not-affected (4.1.0-2.1)