VYPR

sofia-sip

by Signalwire

CVEs (4)

  • CVE-2023-32307HigMay 26, 2023
    risk 0.49cvss 7.5epss 0.01

    Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in…

  • CVE-2022-31003CriMay 31, 2022
    risk 0.00cvss 9.1epss 0.04

    Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil…

  • CVE-2022-31001HigMay 31, 2022
    risk 0.00cvss 7.5epss 0.02

    Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) -…

  • CVE-2022-31002HigMay 31, 2022
    risk 0.00cvss 7.5epss 0.02

    Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a…