CVE-2022-31002

🗓️ 31 May 2022 19:15:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 35 Views

Sofia-SIP library allows crash via evil sdp in FreeSWITC

Reporter	Title	Published	Views	Family All 37
AlpineLinux	CVE-2022-31002	31 May 202200:00	–	alpinelinux
Circl	CVE-2022-31002	31 May 202222:18	–	circl
CNNVD	Sofia-SIP 缓冲区错误漏洞	31 May 202200:00	–	cnnvd
CVE	CVE-2022-31002	31 May 202200:00	–	cve
Cvelist	CVE-2022-31002 Out-of-bounds Read in Sofia-SIP	31 May 202200:00	–	cvelist
Debian	[SECURITY] [DLA 3091-1] sofia-sip security update	2 Sep 202205:45	–	debian
Debian	[SECURITY] [DSA 5410-1] sofia-sip	24 May 202310:39	–	debian
Debian CVE	CVE-2022-31002	31 May 202200:00	–	debiancve
Tenable Nessus	Debian dla-3091 : libsofia-sip-ua-dev - security update	2 Sep 202200:00	–	nessus
Tenable Nessus	Debian DSA-5410-1 : sofia-sip - security update	24 May 202300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3build0.18.04.1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3build0.18.04.1_any.deb
Ubuntu	20.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.1_any.deb
Ubuntu	22.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.1_any.deb
Ubuntu	16.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1_any.deb

Source	Link
github	www.github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba
github	www.github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
ubuntu	www.ubuntu.com/security/notices/USN-5932-1
cve	www.cve.org/CVERecord

25 Aug 2025 23:54Current

7.1High risk

Vulners AI Score7.1

CVSS 25

CVSS 3.17.5

EPSS0.01802

SSVC

sofia-sip sip user-agent library freeswitch crash evil sdp patch vulnerability cve-2022-31002 unix