132 matches found
CVE-2022-31001
Sofia-SIP (library) is affected by CVE-2022-31001, CVE-2022-31002, and CVE-2022-31003. In pre-1.13.8 releases, processing specially crafted SDP messages could cause crashes via out-of-bounds access or related memory violations (notably linked to the MATCH macro and SDP parsing issues). A patch wa...
PT-2022-20448
Name of the Vulnerable Software and Affected Versions Sofia-SIP versions prior to 1.13.8 Description Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. An attacker can send a message with malicious sdp to FreeSWITCH, which may cause a crash. This type of crash may be...
CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
CVE-2022-31002 Out-of-bounds Read in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
CVE-2022-31002 Out-of-bounds Read in Sofia-SIP
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
CVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...
PT-2022-20450 · Sofia-Sip +4 · Sofia-Sip +4
Name of the Vulnerable Software and Affected Versions: Sofia-SIP versions prior to 1.13.8 Description: Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. When parsing each line of a sdp message, rest = record + 2 will access the memory behind 0 and cause an...
CVE-2022-31001
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...
FreeSWITCH 1.10.6 SIP Flooding Denial Of Service
FreeSWITCH susceptible to Denial of Service via SIP flooding - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-06-freeswitch-flood-dos - Vendor Security Advisory:...
Sofia-SIP Library Detection (SIP)
Checks whether the Sofia-SIP Library is present on the target system and if so, tries to figure out the installed version. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of...