5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
52.1%
Sofia-SIP is vulnerable to an Out-of-bounds Read. This vulnerability is present in the sip_method_d
function of sip_parser.c
, and it enables an attacker to potentially trigger an application crash by sending a maliciously crafted message containing a malicious SDP (Session Description Protocol) to FreeSWITCH. This type of crash could be induced by the #define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)
code, which might result in an increased value of n and subsequently lead to an out-of-bounds access when evaluating IS_NON_WS(s[n])
.
github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36
github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
lists.debian.org/debian-lts-announce/2022/09/msg00001.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202210-18
www.debian.org/security/2023/dsa-5410
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
52.1%