5 matches found
CVE-2022-31002
Sofia-SIP (Session Initiation Protocol library) is affected by CVE-2022-31002: before 1.13.8, processing a SDP message with a URL ending in % can trigger a crash. Version 1.13.8 contains the patch for this issue. Public advisories (Debian/Ubuntu Gentoo Mageia and other Nessus/Gentoo entries) refe...
CVE-2022-31003
Sofia-SIP vulnerability CVE-2022-31003: before version 1.13.8, parsing each line of a SDP message with rest = record + 2 can access memory behind a NUL and cause an out-of-bounds write, potentially crashing or enabling remote code execution. Affected component is the Sofia-SIP SIP User-Agent libr...
CVE-2022-31001
Sofia-SIP (library) is affected by CVE-2022-31001, CVE-2022-31002, and CVE-2022-31003. In pre-1.13.8 releases, processing specially crafted SDP messages could cause crashes via out-of-bounds access or related memory violations (notably linked to the MATCH macro and SDP parsing issues). A patch wa...
CVE-2023-22741
Summary: CVE-2023-22741 affects Sofia-SIP’s handling of STUN packets, where the code does not validate message length and attribute length, enabling controllable heap overflow. This could allow remote code execution via heap grooming or related exploitation techniques. The issue originates from S...
CVE-2023-32307
Sofia-SIP (SIP UAs) has CVE-2023-32307 describing multiple vulnerabilities in STUN packet handling, including heap overflow and OOB read caused by missing attributes length checks. Attacks could crash or cause high memory usage; these issues were addressed in version 1.13.15, with upgrades advise...