CVE-2022-31001
Summary
| CVE | CVE-2022-31001 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-31 20:15:00 UTC |
| Updated | 2023-05-24 21:15:00 UTC |
| Description | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-5410-1 sofia-sip | DEBIAN | www.debian.org | |
| Sofia-SIP: Multiple Vulnerabilities (GLSA 202210-18) — Gentoo security | GENTOO | security.gentoo.org | |
| Merge pull request from GHSA-79jq-hh82-cv9g · freeswitch/sofia-sip@a99804b · GitHub | MISC | github.com | |
| sip_method_d Out-of-bound read · Advisory · freeswitch/sofia-sip · GitHub | CONFIRM | github.com | |
| [SECURITY] [DLA 3091-1] sofia-sip security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180986 Debian Security Update for sofia-sip (DLA 3091-1)
- 181801 Debian Security Update for sofia-sip (DSA 5410-1)
- 183979 Debian Security Update for sofia-sip (CVE-2022-31001)
- 199225 Ubuntu Security Notification for Sofia-SIP Vulnerabilities (USN-5932-1)
- 502678 Alpine Linux Security Update for sofia-sip
- 504408 Alpine Linux Security Update for sofia-sip
- 710654 Gentoo Linux Sofia-SIP Multiple Vulnerabilities (GLSA 202210-18)