Shannon Baseband acfg / pcfg SDP Attribute Memory Corruption

Shannon Baseband suffers from a memory corruption vulnerability that occurs when the baseband modem processes SDP when setting up a call. SDP supports attributes acfg and pcfg that allow configuration information to be specified as integers. The baseband software allocates a fixed-size buffer for this information, but does not check that the number of integers specified by the SDP is within this bound. This can lead to memory corruption when processing an acfg or pcfg attribute that contains more than …

attributes baseband buffer call check configuration corruption information memory memory corruption modem processes sdp size software vulnerability