Bug#1016974: sofia-sip: CVE-2022-31001 CVE-2022-31002 CVE-2022-31003

Moritz Mühlenhoff jmm at inutil.org
Wed Aug 10 21:08:18 BST 2022


Source: sofia-sip
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for sofia-sip.

CVE-2022-31001[0]:
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-
| Agent library. Prior to version 1.13.8, an attacker can send a message
| with evil sdp to FreeSWITCH, which may cause crash. This type of crash
| may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) -
| 1) == 0)`, which will make `n` bigger and trigger out-of-bound access
| when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this
| issue.

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)

CVE-2022-31002[1]:
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-
| Agent library. Prior to version 1.13.8, an attacker can send a message
| with evil sdp to FreeSWITCH, which may cause a crash. This type of
| crash may be caused by a URL ending with `%`. Version 1.13.8 contains
| a patch for this issue.

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)

CVE-2022-31003[2]:
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-
| Agent library. Prior to version 1.13.8, when parsing each line of a
| sdp message, `rest = record + 2` will access the memory behind `\0`
| and cause an out-of-bounds write. An attacker can send a message with
| evil sdp to FreeSWITCH, causing a crash or more serious consequence,
| such as remote code execution. Version 1.13.8 contains a patch for
| this issue.

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31001
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
[1] https://security-tracker.debian.org/tracker/CVE-2022-31002
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
[2] https://security-tracker.debian.org/tracker/CVE-2022-31003
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003

Please adjust the affected versions in the BTS as needed.
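
The CVE-2022-31003 description above turns on forming `record + 2` for an SDP line that is shorter than two characters. The following C sketch is an added illustration, not code from sofia-sip or from this report: it shows a length check made before that pointer is formed. The function names `sdp_split_record` and `sdp_count_records` and the sample body are hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not sofia-sip code: split one NUL-terminated SDP
 * record of the form "<type>=<value>" without reading past its terminator.
 * Returns 0 and sets *type / *rest on success, -1 on a malformed record. */
static int sdp_split_record(char *record, char *type, char **rest)
{
    /* record[1] is only examined when record[0] is not the terminator,
     * so "" and "v" are rejected before record + 2 is ever formed. */
    if (record[0] == '\0' || record[1] != '=')
        return -1;
    *type = record[0];
    *rest = record + 2;          /* at worst points at the terminating NUL */
    return 0;
}

/* Tokenize a writable SDP body in place on CR/LF and count the records
 * that pass the check; malformed ones are counted in *rejected. */
static int sdp_count_records(char *body, int *rejected)
{
    int accepted = 0;
    char *p = body;

    *rejected = 0;
    while (*p) {
        char *record = p, type, *rest;
        size_t n = strcspn(p, "\r\n");

        p += n;
        if (*p)                       /* not at end of buffer */
            *p++ = '\0';              /* terminate this record */
        p += strspn(p, "\r\n");       /* skip the rest of the line break */
        if (sdp_split_record(record, &type, &rest) == 0)
            accepted++;
        else
            (*rejected)++;
    }
    return accepted;
}

int main(void)
{
    char body[] = "v=0\r\nv\r\ns=-\r\n=\r\nt=0 0";  /* constructed sample */
    int rejected, accepted = sdp_count_records(body, &rejected);
    printf("accepted=%d rejected=%d\n", accepted, rejected);
    return 0;
}
```
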


