彙總 irontec 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 記憶體損壞、緩衝區溢位與SQL 注入,在 生產負載與軟體部署 使用場景中可能帶來 記憶體損壞、應用程式崩潰與資料外洩 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-35434 | Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet. | [email protected] | 7.5 | 0.61% | 2024-05-29 | 2026-06-17 |
| CVE-2024-3120 | A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages. | 41c37e40-543d-43a2-b660-2fee83ea851a | 9.0 | 1.80% | 2024-04-09 | 2026-06-17 |
| CVE-2024-3119 | A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. | 41c37e40-543d-43a2-b660-2fee83ea851a | 9.0 | 1.80% | 2024-04-09 | 2026-06-17 |
| CVE-2023-36192 | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. | [email protected] | 7.8 | 0.28% | 2023-06-22 | 2026-06-17 |
| CVE-2023-31982 | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. | [email protected] | 7.8 | 0.31% | 2023-05-09 | 2026-06-17 |
| CVE-2023-31981 | Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. | [email protected] | 7.8 | 0.31% | 2023-05-09 | 2026-06-17 |
| CVE-2015-10084 | A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504. | [email protected] | 5.5 | 0.69% | 2023-02-21 | 2026-06-16 |