CVE-2023-22741Classic Buffer Overflow in Sofia-sip

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds Write5 documents4 sources
Severity
9.8CRITICALNVD
OSV7.5
EPSS
1.4%
top 19.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Freeswitch Sofia-sipSignalwire Sofia-sipDebian Sofia-sip
Timeline
PublishedJan 19
Latest updateMar 7

Description

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's left size. Since network users control the overflowed length, and

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

CVEListV5freeswitch/sofia-sip< 1.13.11
Debianfreeswitch/sofia-sip< 1.12.11+20110422.1-2.1+deb11u1+3
Ubuntufreeswitch/sofia-sip< 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1+3
debiandebian/sofia-sip< sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bookworm)
NVDsignalwire/sofia-sip< 1.13.11

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
sofia-sip vulnerabilities2023-03-07
OSV
CVE-2023-22741: Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification2023-01-19

📋Vendor Advisories

2
Ubuntu
Sofia-SIP vulnerabilities2023-03-07
Debian
CVE-2023-22741: sofia-sip - Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3...2023