CVE-2022-31003

🗓️ 31 May 2022 20:15:00Reported by ubuntu.comType

Sofia-SIP open-source SIP User-Agent library prior to version 1.13.8 allows out-of-bounds write leading to potential remote code executio

Reporter	Title	Published	Views	Family All 37
AlpineLinux	CVE-2022-31003	31 May 202200:00	–	alpinelinux
Circl	CVE-2022-31003	1 Jun 202200:19	–	circl
CNNVD	Sofia-SIP 缓冲区错误漏洞	31 May 202200:00	–	cnnvd
CVE	CVE-2022-31003	31 May 202200:00	–	cve
Cvelist	CVE-2022-31003 Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP	31 May 202200:00	–	cvelist
Debian	[SECURITY] [DLA 3091-1] sofia-sip security update	2 Sep 202205:45	–	debian
Debian	[SECURITY] [DSA 5410-1] sofia-sip	24 May 202310:39	–	debian
Debian CVE	CVE-2022-31003	31 May 202200:00	–	debiancve
Tenable Nessus	Debian dla-3091 : libsofia-sip-ua-dev - security update	2 Sep 202200:00	–	nessus
Tenable Nessus	Debian DSA-5410-1 : sofia-sip - security update	24 May 202300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3build0.18.04.1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3build0.18.04.1_any.deb
Ubuntu	20.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.1_any.deb
Ubuntu	22.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.1_any.deb
Ubuntu	16.04	any	sofia-sip	1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1	sofia-sip_1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1_any.deb

Source	Link
github	www.github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9
github	www.github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
ubuntu	www.ubuntu.com/security/notices/USN-5932-1
cve	www.cve.org/CVERecord

25 Aug 2025 23:54Current

7.2High risk

Vulners AI Score7.2

CVSS 27.5

CVSS 3.19.1 - 9.8

EPSS0.0366

SSVC