FreeSWITCH Route Header Value Handling DoS

Medium Nessus Plugin ID 63203


The remote SIP service is affected by a denial of service vulnerability.


According to its self-reported version, the remote FreeSWITCH install is affected by a denial of service vulnerability in the Sofia SIP stack. A remote attacker can exploit this, via a specially crafted INVITE request with a 'Route' value containing a long list, to crash the service.


Upgrade to FreeSWITCH version 1.3.0 commit 016550f218fb0ea54aa6163d6a6eb7e02539da5e or later.

Plugin Details

Severity: Medium

ID: 63203

File Name: freeswitch_fs4627.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2012/12/10

Modified: 2017/05/16

Dependencies: 88697

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:freeswitch:freeswitch

Required KB Items: Settings/ParanoidReport, sip/freeswitch/present

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/09/18

Vulnerability Publication Date: 2012/09/18

Reference Information

BID: 55599