Lucene search
K
SignalwireSofia-sip

5 matches found

CVE
CVE
added 2022/05/31 12:0 a.m.151 views

CVE-2022-31002

Sofia-SIP (Session Initiation Protocol library) is affected by CVE-2022-31002: before 1.13.8, processing a SDP message with a URL ending in % can trigger a crash. Version 1.13.8 contains the patch for this issue. Public advisories (Debian/Ubuntu Gentoo Mageia and other Nessus/Gentoo entries) refe...

7.5CVSS7.8AI score0.01802EPSS
CVE
CVE
added 2022/05/31 12:0 a.m.149 views

CVE-2022-31003

Sofia-SIP vulnerability CVE-2022-31003: before version 1.13.8, parsing each line of a SDP message with rest = record + 2 can access memory behind a NUL and cause an out-of-bounds write, potentially crashing or enabling remote code execution. Affected component is the Sofia-SIP SIP User-Agent libr...

9.8CVSS9.7AI score0.0366EPSS
CVE
CVE
added 2022/05/31 12:0 a.m.140 views

CVE-2022-31001

Sofia-SIP (library) is affected by CVE-2022-31001, CVE-2022-31002, and CVE-2022-31003. In pre-1.13.8 releases, processing specially crafted SDP messages could cause crashes via out-of-bounds access or related memory violations (notably linked to the MATCH macro and SDP parsing issues). A patch wa...

7.5CVSS7.8AI score0.02022EPSS
CVE
CVE
added 2023/01/19 9:20 p.m.114 views

CVE-2023-22741

Summary: CVE-2023-22741 affects Sofia-SIP’s handling of STUN packets, where the code does not validate message length and attribute length, enabling controllable heap overflow. This could allow remote code execution via heap grooming or related exploitation techniques. The issue originates from S...

9.8CVSS9.7AI score0.0238EPSS
CVE
CVE
added 2023/05/26 10:11 p.m.76 views

CVE-2023-32307

Sofia-SIP (SIP UAs) has CVE-2023-32307 describing multiple vulnerabilities in STUN packet handling, including heap overflow and OOB read caused by missing attributes length checks. Attacks could crash or cause high memory usage; these issues were addressed in version 1.13.15, with upgrades advise...

7.5CVSS7.9AI score0.01056EPSS