SIPp/sipp
Releases30
Frequency5 months 1 day
Last Release
Stars1.13K
The SIPp testing tool
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | 8.4 HIGH | — | ||
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, causing strcpy to write beyond buffer boundaries in sipp.cpp. | ||||
| = 3.3 | 8.4 HIGH | — | ||
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets. | ||||