CVE-2009-3704
ZoIPer < 2.24 - Denial of Service via Empty Call-Info Header
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-3704. PoCs published by Tomer Bitton.
AI-analyzed exploit summary This exploit sends a malformed SIP INVITE packet to ZoIPer v2.22, triggering a remote denial of service (DoS) due to improper handling of the Call-Info header. The packet is crafted to crash the application on Windows XP SP2/SP3 and Ubuntu 8.10.
Description
ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header.
Exploits (1)
This exploit sends a malformed SIP INVITE packet to ZoIPer v2.22, triggering a remote denial of service (DoS) due to improper handling of the Call-Info header. The packet is crafted to crash the application on Windows XP SP2/SP3 and Ubuntu 8.10.