VYPR

Sofia-SIP

by Sofia-SIP

CVEs (1)

  • CVE-2023-22741CriJan 19, 2023
    risk 0.00cvss 9.8epss 0.02

    Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in…