12 matches found
[SECURITY] [DSA 5410-1] sofia-sip
------------------------------------------------------------------------- Debian Security Advisory DSA-5410-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2023 https://www.debian.org/security/faq -...
Debian DSA-5410-1 : sofia-sip - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5410 advisory. - Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to...
Ubuntu: Security Advisory (USN-5932-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5932-1: Sofia-SIP vulnerabilities
It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...
GLSA-202210-18 : Sofia-SIP: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-18 Sofia-SIP: Multiple Vulnerabilities - Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause...
Mageia: Security Advisory (MGASA-2022-0343)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0343 Updated sofia-sip packages fix security vulnerability
An attacker can send a message with evil sdp to FreeSWITCH, which may a cause a crash due to an out-of-bounds access. CVE-2022-31001 An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. CVE-2022-31002 An out-of-bounds write. CVE-2022-31003...
Updated sofia-sip packages fix security vulnerability
An attacker can send a message with evil sdp to FreeSWITCH, which may a cause a crash due to an out-of-bounds access. CVE-2022-31001 An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. CVE-2022-31002 An out-of-bounds write. CVE-2022-31003...
Debian dla-3091 : libsofia-sip-ua-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3091 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3091-1 [email protected]...
CVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
CVE-2022-31003
Sofia-SIP vulnerability CVE-2022-31003: before version 1.13.8, parsing each line of a SDP message with rest = record + 2 can access memory behind a NUL and cause an out-of-bounds write, potentially crashing or enabling remote code execution. Affected component is the Sofia-SIP SIP User-Agent libr...