Lucene search
+L

132 matches found

CVE
CVE
added 2022/05/31 12:0 a.m.144 views

CVE-2022-31001

Sofia-SIP (library) is affected by CVE-2022-31001, CVE-2022-31002, and CVE-2022-31003. In pre-1.13.8 releases, processing specially crafted SDP messages could cause crashes via out-of-bounds access or related memory violations (notably linked to the MATCH macro and SDP parsing issues). A patch wa...

7.5CVSS7.8AI score0.02022EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/31 12:0 a.m.9 views

PT-2022-20448

Name of the Vulnerable Software and Affected Versions Sofia-SIP versions prior to 1.13.8 Description Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. An attacker can send a message with malicious sdp to FreeSWITCH, which may cause a crash. This type of crash may be...

7.8CVSS7.1AI score0.02022EPSS
Exploits1References38
Cvelist
Cvelist
added 2022/05/31 12:0 a.m.38 views

CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

9.1CVSS9.9AI score0.0366EPSS
Exploits1References5
OSV
OSV
added 2022/05/31 12:0 a.m.34 views

CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

9.1CVSS9.7AI score0.0366EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/05/31 12:0 a.m.28 views

CVE-2022-31002 Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

7.5CVSS8.6AI score0.01802EPSS
Exploits1References5
OSV
OSV
added 2022/05/31 12:0 a.m.23 views

CVE-2022-31002 Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

7.5CVSS7.4AI score0.01802EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2022/05/31 12:0 a.m.551 views

CVE-2022-31002

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

7.5CVSS8.5AI score0.01802EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2022/05/31 12:0 a.m.83 views

CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

9.8CVSS9.8AI score0.0366EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/05/31 12:0 a.m.4 views

PT-2022-20450 · Sofia-Sip +4 · Sofia-Sip +4

Name of the Vulnerable Software and Affected Versions: Sofia-SIP versions prior to 1.13.8 Description: Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. When parsing each line of a sdp message, rest = record + 2 will access the memory behind 0 and cause an...

9.8CVSS7.8AI score0.0366EPSS
Exploits5References49
AlpineLinux
AlpineLinux
added 2022/05/31 12:0 a.m.508 views

CVE-2022-31001

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...

7.5CVSS8.5AI score0.02022EPSS
Exploits1
Packet Storm
Packet Storm
added 2021/10/25 12:0 a.m.481 views

FreeSWITCH 1.10.6 SIP Flooding Denial Of Service

FreeSWITCH susceptible to Denial of Service via SIP flooding - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-06-freeswitch-flood-dos - Vendor Security Advisory:...

0.3AI score0.01598EPSS
Exploits3
OpenVAS
OpenVAS
added 2020/04/09 12:0 a.m.19 views

Sofia-SIP Library Detection (SIP)

Checks whether the Sofia-SIP Library is present on the target system and if so, tries to figure out the installed version. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of...

Exploits0References1
Rows per page
Query Builder