GitHub_MCVELIST:CVE-2022-31003CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.9 High
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.6%
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.
CNA Affected
[
{
"vendor": "freeswitch",
"product": "sofia-sip",
"versions": [
{
"version": "< 1.13.8",
"status": "affected"
}
]
}
]Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.9 High
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.6%