Product
SIPp 3.6 and earlier contains a local buffer overflow vulnerability (CVE-2018-25356) in command-line argument handling, allowing local attackers to potentially crash the application or execute arbitrary code by supplying oversized input to the -3pcc, -i, or -log_file parameters.