admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-31003.md

19 lines
1.0 KiB
Markdown
Raw Permalink Normal View History

Update CVE sources 2024-08-05 18:41
2024-08-05 18:41:32 +00:00
### [CVE-2022-31003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003)
![](https://img.shields.io/static/v1?label=Product&message=sofia-sip&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen)
### Description
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/DiRaltvein/memory-corruption-examples
Reference in New Issue Copy Permalink