Buffer overflow in Cisco Unified_presence_server

CVE-2013-1137

Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (45.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified_presence_server — versions 8.6, 9.0, 9.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20130227 Cisco Unified Presence Server Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)