In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osipmessagetostr() function defined in osipparser2/osipmessageto_str.c, resulting in a remote DoS.
{ "urgency": "not yet assigned" }