DEBIAN-CVE-2022-31001
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-31001
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-31001.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-31001
- Upstream
- Published
- 2022-05-31T20:15:07Z
- Modified
- 2025-09-19T07:32:19.816347Z
- Summary
- [none]
- Details
-
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by
#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0), which will makenbigger and trigger out-of-bound access whenIS_NON_WS(s[n]). Version 1.13.8 contains a patch for this issue. - References
Affected packages
Debian:11 / sofia-sip
Package
- Name
- sofia-sip
- Purl
- pkg:deb/debian/sofia-sip?arch=source
Debian:12 / sofia-sip
Package
- Name
- sofia-sip
- Purl
- pkg:deb/debian/sofia-sip?arch=source
Debian:13 / sofia-sip
Package
- Name
- sofia-sip
- Purl
- pkg:deb/debian/sofia-sip?arch=source
Debian:14 / sofia-sip
Package
- Name
- sofia-sip
- Purl
- pkg:deb/debian/sofia-sip?arch=source