CVE-2022-31002

Sofia-SIP (Session Initiation Protocol library) is affected by CVE-2022-31002: before 1.13.8, processing a SDP message with a URL ending in % can trigger a crash. Version 1.13.8 contains the patch for this issue. Public advisories (Debian/Ubuntu Gentoo Mageia and other Nessus/Gentoo entries) refe...

CVE-2022-31001

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...

CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

CVE-2022-31002 Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

CVE-2022-31002

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

CVE-2022-31002 Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

CVE-2022-31001 Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...

CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

PT-2022-20448

Name of the Vulnerable Software and Affected Versions Sofia-SIP versions prior to 1.13.8 Description Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. An attacker can send a message with malicious sdp to FreeSWITCH, which may cause a crash. This type of crash may be...

Sofia-SIP 缓冲区错误漏洞

Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch, compliant with the IETF RFC3261 specification. A buffer error vulnerability exists in Sofia-SIP versions prior to 1.13.8, which stems from a problematic define MATCHs, m strncmps, m, n = sizeofm - 1 =...

CVE-2022-31002

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

PT-2022-20449 · Sofia-Sip +4 · Sofia-Sip +4

Name of the Vulnerable Software and Affected Versions: Sofia-SIP versions prior to 1.13.8 Description: Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be...

Sofia-SIP 缓冲区错误漏洞

Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch that conforms to the IETF RFC3261 specification. A security vulnerability exists in Sofia-SIP, which stems from an out-of-bounds write to memory accessed by an application parsing sdp messages. An...

Sofia-SIP 缓冲区错误漏洞

Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch that conforms to the IETF RFC3261 specification. A buffer error vulnerability exists in Sofia-SIP versions prior to 1.13.8, which stems from an application's failure to efficiently handle URLs ending i...

CVE-2022-31002 Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

CVE-2022-31003

Sofia-SIP vulnerability CVE-2022-31003: before version 1.13.8, parsing each line of a SDP message with rest = record + 2 can access memory behind a NUL and cause an out-of-bounds write, potentially crashing or enabling remote code execution. Affected component is the Sofia-SIP SIP User-Agent libr...

CVE-2022-31001

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...

CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...