292 matches found
Design/Logic Flaw
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
UBUNTU-CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
Sofia-SIP 缓冲区错误漏洞
Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch that conforms to the IETF RFC3261 specification. A security vulnerability exists in Sofia-SIP, which stems from an out-of-bounds write to memory accessed by an application parsing sdp messages. An...
Sofia-SIP 缓冲区错误漏洞
Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch, compliant with the IETF RFC3261 specification. A buffer error vulnerability exists in Sofia-SIP versions prior to 1.13.8, which stems from a problematic define MATCHs, m strncmps, m, n = sizeofm - 1 =...
Sofia-SIP 缓冲区错误漏洞
Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch that conforms to the IETF RFC3261 specification. A buffer error vulnerability exists in Sofia-SIP versions prior to 1.13.8, which stems from an application's failure to efficiently handle URLs ending i...
CVE-2022-31001
Sofia-SIP (library) is affected by CVE-2022-31001, CVE-2022-31002, and CVE-2022-31003. In pre-1.13.8 releases, processing specially crafted SDP messages could cause crashes via out-of-bounds access or related memory violations (notably linked to the MATCH macro and SDP parsing issues). A patch wa...
CVE-2022-31002 Out-of-bounds Read in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
PT-2022-20449 · Sofia-Sip +4 · Sofia-Sip +4
Name of the Vulnerable Software and Affected Versions: Sofia-SIP versions prior to 1.13.8 Description: Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be...
PT-2022-20448
Name of the Vulnerable Software and Affected Versions Sofia-SIP versions prior to 1.13.8 Description Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. An attacker can send a message with malicious sdp to FreeSWITCH, which may cause a crash. This type of crash may be...
CVE-2022-31001 Out-of-bounds Read in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...
CVE-2022-31001
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...
CVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
CVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
CVE-2022-31002 Out-of-bounds Read in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
CVE-2022-31001 Out-of-bounds Read in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...
CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
Mageia: Security Advisory (MGASA-2013-0279)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...