Source: sofia-sip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for sofia-sip.

CVE-2022-31001[0]:
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-
| Agent library. Prior to version 1.13.8, an attacker can send a message
| with evil sdp to FreeSWITCH, which may cause crash. This type of crash
| may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) -
| 1) == 0)`, which will make `n` bigger and trigger out-of-bound access
| when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this
| issue.

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)

CVE-2022-31002[1]:
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-
| Agent library. Prior to version 1.13.8, an attacker can send a message
| with evil sdp to FreeSWITCH, which may cause a crash. This type of
| crash may be caused by a URL ending with `%`. Version 1.13.8 contains
| a patch for this issue.

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)

CVE-2022-31003[2]:
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-
| Agent library. Prior to version 1.13.8, when parsing each line of a
| sdp message, `rest = record + 2` will access the memory behind `\0`
| and cause an out-of-bounds write. An attacker can send a message with
| evil sdp to FreeSWITCH, causing a crash or more serious consequence,
| such as remote code execution. Version 1.13.8 contains a patch for
| this issue.

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31001
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
[1] https://security-tracker.debian.org/tracker/CVE-2022-31002
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
[2] https://security-tracker.debian.org/tracker/CVE-2022-31003
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003

Please adjust the affected versions in the BTS as needed.