FreeSWITCH Route Header Value Handling DoS
Medium Nessus Plugin ID 63203
Synopsis
The remote SIP service is affected by a denial of service vulnerability.

Description
According to its self-reported version, the remote FreeSWITCH install is affected by a denial of service vulnerability in the Sofia SIP stack. A remote attacker can exploit this, via a specially crafted INVITE request with a 'Route' value containing a long list, to crash the service.

Solution
Upgrade to FreeSWITCH version 1.3.0 commit 016550f218fb0ea54aa6163d6a6eb7e02539da5e or later.