Remote Code Execution (RCE)

2023-03-2204:52:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

remote code execution

sofia-sip

sdp message parsing

freeswitch vulnerability

out-of-bounds write

0.027 Low

EPSS

Percentile

90.6%

JSON

sofia-sip is vulnerable to Remote Code Execution (RCE). When parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker is able to send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution.

CPENameOperatorVersion
sofia-sip:3.15eq1.13.4-r2
sofia-sip:3.15eq1.13.6-r0
sofia-sip:3.14eq1.13.3-r0
sofia-sip:3.14eq1.13.4-r0
sofia-sip:edgeeq1.13.4-r0
sofia-sip:edgeeq1.13.7-r0
sofia-sip:edgeeq1.13.4-r2
sofia-sip:edgeeq1.13.3-r0
sofia-sip:edgeeq1.13.6-r0
sofia-sip:3.16eq1.13.7-r0

Name	Operator	Version
sofia-sip:3.15	eq	1.13.4-r2
sofia-sip:3.15	eq	1.13.6-r0
sofia-sip:3.14	eq	1.13.3-r0
sofia-sip:3.14	eq	1.13.4-r0
sofia-sip:edge	eq	1.13.4-r0
sofia-sip:edge	eq	1.13.7-r0
sofia-sip:edge	eq	1.13.4-r2
sofia-sip:edge	eq	1.13.3-r0
sofia-sip:edge	eq	1.13.6-r0
sofia-sip:3.16	eq	1.13.7-r0