{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0710", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2026-01-08T06:21:31.656Z", "datePublished": "2026-01-23T03:47:44.867Z", "dateUpdated": "2026-01-23T19:04:04.032Z"}, "containers": {"cna": {"title": "Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability."}], "affected": [{"versions": [{"status": "affected", "version": "3.7.3", "versionType": "semver"}], "packageName": "sipp", "collectionURL": "https://github.com/SIPp/sipp", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0710", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427788", "name": "RHBZ#2427788", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-01-08T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference", "timeline": [{"lang": "en", "time": "2026-01-08T06:21:46.727Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-08T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank ChenYiFan Liu, Fanny-wen, and Zhoufan Wen for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-01-23T03:47:44.867Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T19:03:53.215934Z", "id": "CVE-2026-0710", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T19:04:04.032Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-23T19:03:53.215934Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T19:03:59.456Z"}}], "cna": {"title": "Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability", "credits": [{"lang": "en", "value": "Red Hat would like to thank ChenYiFan Liu, Fanny-wen, and Zhoufan Wen for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "3.7.3", "versionType": "semver"}], "packageName": "sipp", "collectionURL": "https://github.com/SIPp/sipp", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-08T06:21:46.727Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-08T00:00:00.000Z", "value": "Made public."}], "datePublic": "2026-01-08T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0710", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427788", "name": "RHBZ#2427788", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-01-23T03:47:44.867Z"}, "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"}}, "cveMetadata": {"cveId": "CVE-2026-0710", "state": "PUBLISHED", "dateUpdated": "2026-01-23T19:04:04.032Z", "dateReserved": "2026-01-08T06:21:31.656Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2026-01-23T03:47:44.867Z", "assignerShortName": "fedora"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en SIPp. Un atacante remoto podr\u00eda explotar esto enviando mensajes del Protocolo de Iniciaci\u00f3n de Sesi\u00f3n (SIP) especialmente dise\u00f1ados durante una llamada activa. Esta vulnerabilidad, una desreferencia de puntero NULL, puede provocar el bloqueo de la aplicaci\u00f3n, lo que lleva a una denegaci\u00f3n de servicio. Bajo condiciones espec\u00edficas, tambi\u00e9n podr\u00eda permitir a un atacante ejecutar c\u00f3digo no autorizado, comprometiendo la integridad y disponibilidad del sistema."}], "id": "CVE-2026-0710", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2026-01-23T04:16:01.860", "references": [{"source": "patrick@puiterwijk.org", "url": "https://access.redhat.com/security/cve/CVE-2026-0710"}, {"source": "patrick@puiterwijk.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427788"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:13:40.025748+00:00", "value": {"mitigation_remediation": ["Update SIPp to the latest patched version that addresses the NULL pointer dereference.", "Configure network firewalls to limit SIP traffic to trusted IPs only, blocking any unsolicited SIP packets.", "Enable verbose logging for SIP message parsing and monitor for abnormal or malformed SIP requests, escalating on repeated failures."], "summary": {"action": "Patch ASAP", "impact": "Denial of Service with potential remote code execution"}, "threat_synthesis": {"affected_systems": "The affected product is SIPp. No specific vendor or version information is provided in the CVE, so all deployments of SIPp are potentially impacted until a patch is applied.", "description_and_impact": "SIPp contains a NULL pointer dereference that occurs when it processes specially crafted SIP messages on an active call. The vulnerability can cause the program to crash, resulting in a denial of service. Under certain, unspecified conditions the flaw may also allow an attacker to execute unauthorized code, compromising both system integrity and availability.", "risk_and_exploitability": "The CVSS score of 8.4 classifies this issue as high severity. The EPSS score is less than 1%, indicating that exploitation is currently unlikely but not impossible. The vulnerability is not listed in CISA\u2019s KEV catalog, suggesting no widely available exploit. The attack vector is inferred to be remote and requires an attacker to send malicious SIP traffic to an exposed SIPp instance during an ongoing call."}}}}, "created": "2026-01-23T10:26:36.533493+00:00", "updated": "2026-04-18T03:15:35.436154+00:00", "vendors": ["sipp", "sipp$PRODUCT$sipp"]}