
6 matches found

Prion
added 2023/05/26 11:15 p.m., 21 views

Integer overflow

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap overflows and integer overflows in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of attributes length check...

CVSS 5, AI score 7.7, EPSS 0.00361
Exploits 0, References 4, Affected Software 2
CVE
added 2023/05/26 10:11 p.m., 68 views

CVE-2023-32307

Sofia-SIP (SIP UAs) has CVE-2023-32307 describing multiple vulnerabilities in STUN packet handling, including heap overflow and OOB read caused by missing attributes length checks. Attacks could crash or cause high memory usage; these issues were addressed in version 1.13.15, with upgrades advise...

CVSS 7.5, AI score 7.9, EPSS 0.00361
Exploits 0, References 4, Affected Software 1
OSV
added 2022/12/20 7:15 p.m., 0 views

UBUNTU-CVE-2022-23537

PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A buffer overread is possible when parsing a specially crafted STUN message with an unknown attribute. The vulnerability affects...

CVSS 9.8, AI score 7.2, EPSS 0.00422
Exploits 0, References 5
Gentoo Linux
added 2022/10/31 12:0 a.m., 40 views

Sofia-SIP: Multiple Vulnerabilities

Background: Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description: Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no know...

CVSS 9.8, AI score 3.1, EPSS 0.1379
Exploits 3
Prion
added 2022/05/31 7:15 p.m., 21 views

Design/Logic Flaw

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

CVSS 5, AI score 7.6, EPSS 0.01086
Exploits 1, References 5, Affected Software 2
CVE
added 2022/05/31 12:0 a.m., 144 views

CVE-2022-31003

Sofia-SIP vulnerability CVE-2022-31003: before version 1.13.8, parsing each line of an SDP message with rest = record + 2 can access memory behind a NUL and cause an out-of-bounds write, potentially crashing or enabling remote code execution. Affected component is the Sofia-SIP SIP User-Agent libr...

CVSS 9.8, AI score 9.7, EPSS 0.1379
Exploits 1, References 5, Affected Software 1