156 matches found
CVE-2023-32307 heap-over-flow and integer-overflow in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of attributes length check...
Sofia-SIP Input Validation Error Vulnerability
Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch that conforms to the IETF RFC3261 specification. A security vulnerability exists in Sofia-SIP versions prior to 1.13.15, which stems from a lack of attribute length checking when Sofia-SIP processes ST...
PT-2023-23716 · Sofia-Sip +3
Name of the Vulnerable Software and Affected Versions: Sofia-SIP versions prior to 1.13.15 Description: Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Several potential heap-over-flow and integer-overflow vulnerabilities were found in stun parse...
Debian: Security Advisory (DSA-5410-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 5410-1] sofia-sip
------------------------------------------------------------------------- Debian Security Advisory DSA-5410-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2023 https://www.debian.org/security/faq -...
Debian DSA-5410-1 : sofia-sip - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5410 advisory. - Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to...
DSA-5410-1 sofia-sip - security update
Bulletin has no description...
Mageia: Security Advisory (MGASA-2023-0040)
The remote host is missing an update for the...
Out Of Bounds Read
Sofia-SIP is vulnerable to an Out-of-bounds Read. This vulnerability is present in the sip_method_d function of sip_parser.c, and it enables an attacker to potentially trigger an application crash by sending a maliciously crafted message containing a malicious SDP (Session Description Protocol) to...
Denial Of Service (DoS)
sofia-sip is vulnerable to Denial of Service (DoS) attacks. An attacker is able to send a message with evil sdp to FreeSWITCH, which may cause an application crash with the use of a URL ending with %...
Remote Code Execution (RCE)
sofia-sip is vulnerable to Remote Code Execution (RCE). When parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker is able to send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such ...
Out Of Bounds Write
sofia-sip is vulnerable to Out Of Bounds Write. A remote local attacker is able to cause out-of-bound writes due to improper memory management operations, resulting in a denial of service or arbitrary code execution...
Ubuntu: Security Advisory (USN-5932-1)
The remote host is missing an update for the...
USN-5932-1 sofia-sip vulnerabilities
It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...
USN-5932-1: Sofia-SIP vulnerabilities
It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Sofia-SIP vulnerabilities (USN-5932-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5932-1 advisory. It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this...
MGASA-2023-0072 Updated sofia-sip packages fix security vulnerability
The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-47516...
Updated sofia-sip packages fix security vulnerability
The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-47516...
Debian: Security Advisory (DLA-3334-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3334-1] sofia-sip security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3334-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk February 22, 2023 https://wiki.debian.org/LTS -...