irontec CVE Vulnerabilities & Metrics

Focus on irontec vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About irontec Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with irontec. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total irontec CVEs: 6
Earliest CVE date: 21 Feb 2023, 15:15 UTC
Latest CVE date: 10 Apr 2024, 00:15 UTC

Latest CVE reference: CVE-2024-3120

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -33.33%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -33.33%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical irontec CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.87

Max CVSS: 5.2

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS irontec CVEs

These are the five CVEs with the highest CVSS scores for irontec, sorted by severity first and recency.

CVE-2015-10084 irontec Published on 21 Feb 2023, 15:15 UTC (CVSS: 5.2)
A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected com...
CVE-2024-3120 irontec Published on 10 Apr 2024, 00:15 UTC (CVSS: 0)
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via...
CVE-2024-3119 irontec Published on 10 Apr 2024, 00:15 UTC (CVSS: 0)
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of servi...
CVE-2023-36192 irontec Published on 23 Jun 2023, 02:15 UTC (CVSS: 0)
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.
CVE-2023-31982 irontec Published on 09 May 2023, 14:15 UTC (CVSS: 0)
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c.

All CVEs for irontec

CVE-2024-3120 irontec vulnerability CVSS: 0 10 Apr 2024, 00:15 UTC

A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.

CVE-2024-3119 irontec vulnerability CVSS: 0 10 Apr 2024, 00:15 UTC

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.

CVE-2023-36192 irontec vulnerability CVSS: 0 23 Jun 2023, 02:15 UTC

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.

CVE-2023-31982 irontec vulnerability CVSS: 0 09 May 2023, 14:15 UTC

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c.

CVE-2023-31981 irontec vulnerability CVSS: 0 09 May 2023, 14:15 UTC

Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c.

CVE-2015-10084 irontec vulnerability CVSS: 5.2 21 Feb 2023, 15:15 UTC

A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504.