CVE-2018-12584

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-12584
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12584.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-12584
Downstream
Published
2018-07-16T20:29:00Z
Modified
2025-10-21T04:28:29.887966Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.

References

Affected packages

Git / github.com/resiprocate/resiprocate

Affected ranges

Type
GIT
Repo
https://github.com/resiprocate/resiprocate
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2cb291191c93c7c4e371e22cb89805a5b31d6608

Affected versions

resiprocate-1.*

resiprocate-1.10.0_alpha1
resiprocate-1.10.0_alpha2
resiprocate-1.10.0_alpha3
resiprocate-1.10.0_alpha4
resiprocate-1.10.0_beta1
resiprocate-1.10.0_beta2
resiprocate-1.11.0_alpha1
resiprocate-1.11.0_alpha10
resiprocate-1.11.0_alpha11
resiprocate-1.11.0_alpha2
resiprocate-1.11.0_alpha3
resiprocate-1.11.0_alpha4
resiprocate-1.11.0_alpha5
resiprocate-1.11.0_alpha6
resiprocate-1.11.0_alpha7
resiprocate-1.11.0_alpha8
resiprocate-1.11.0_alpha9
resiprocate-1.11.0_beta1
resiprocate-1.11.0_beta2
resiprocate-1.11.0_beta3
resiprocate-1.11.0_beta4
resiprocate-1.11.0_beta5

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "178007103552507550579810376132377140385",
                "173992908705831645411808277503224922305",
                "50554873215173466783289028907298373026",
                "98168916845416611335407520653460520446",
                "74814719768476633761236422036907966049",
                "85034238564629132549601043780386375497",
                "132171870175668759357258859621412560200",
                "117434914664648003928238649723361089808",
                "232812770327501620566202059740027415932",
                "226851229450964725983602165267031443005",
                "39761695400498134734070570780654339565",
                "262377287743590938540800189458590266101",
                "84809140518011335890828229181535224530",
                "313034784951355725028364086318449601377",
                "248522007255775402721843824164126429923",
                "20886035095101740777309533583067574114",
                "76389818129287673917936469876338961422",
                "10011605700828042744260629277411451287",
                "80441884412579238464548431153228920050"
            ]
        },
        "target": {
            "file": "resip/stack/ConnectionBase.cxx"
        },
        "signature_version": "v1",
        "id": "CVE-2018-12584-1f61868f",
        "deprecated": false,
        "source": "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "100331230615351000510461227701829668167",
            "length": 7206.0
        },
        "target": {
            "file": "resip/stack/ConnectionBase.cxx",
            "function": "ConnectionBase::preparseNewBytes"
        },
        "signature_version": "v1",
        "id": "CVE-2018-12584-30592e15",
        "deprecated": false,
        "source": "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608"
    }
]