CVE-2022-31002
Summary
| CVE | CVE-2022-31002 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-31 19:15:00 UTC |
| Updated | 2023-05-24 21:15:00 UTC |
| Description | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-5410-1 sofia-sip | DEBIAN | www.debian.org | |
| Sofia-SIP: Multiple Vulnerabilities (GLSA 202210-18) — Gentoo security | GENTOO | security.gentoo.org | |
| Merge pull request from GHSA-g3x6-p824-x6hm · freeswitch/sofia-sip@51841eb · GitHub | MISC | github.com | |
| [SECURITY] [DLA 3091-1] sofia-sip security update | MLIST | lists.debian.org | |
| url_canonize2 Out-of-bound read · Advisory · freeswitch/sofia-sip · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180986 Debian Security Update for sofia-sip (DLA 3091-1)
- 181801 Debian Security Update for sofia-sip (DSA 5410-1)
- 183614 Debian Security Update for sofia-sip (CVE-2022-31002)
- 199225 Ubuntu Security Notification for Sofia-SIP Vulnerabilities (USN-5932-1)
- 502678 Alpine Linux Security Update for sofia-sip
- 504408 Alpine Linux Security Update for sofia-sip
- 710654 Gentoo Linux Sofia-SIP Multiple Vulnerabilities (GLSA 202210-18)