CVE-2022-31003 - Vulnerability Details - OpenCVE

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Signalwire	Sofia-sip

Configuration 1 [-]

cpe:2.3:a:signalwire:sofia-sip:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html
https://security.gentoo.org/glsa/202210-18
https://www.debian.org/security/2023/dsa-5410

History

Tue, 22 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-05-31T00:00:00.000Z

Updated: 2025-04-22T17:55:56.743Z

Reserved: 2022-05-18T00:00:00.000Z

Link: CVE-2022-31003

Vulnrichment

Updated: 2024-08-03T07:03:40.261Z

NVD

Status : Modified

Published: 2022-05-31T20:15:07.910

Modified: 2024-11-21T07:03:41.747

Link: CVE-2022-31003

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31003", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-04-22T17:55:56.743Z", "dateReserved": "2022-05-18T00:00:00.000Z", "datePublished": "2022-05-31T00:00:00.000Z"}, "containers": {"cna": {"title": "Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-24T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue."}], "affected": [{"vendor": "freeswitch", "product": "sofia-sip", "versions": [{"version": "< 1.13.8", "status": "affected"}]}], "references": [{"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp"}, {"url": "https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9"}, {"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3091-1] sofia-sip security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html"}, {"name": "GLSA-202210-18", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-18"}, {"name": "DSA-5410", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5410"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "cweId": "CWE-122"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "cweId": "CWE-787"}]}], "source": {"advisory": "GHSA-8w5j-6g2j-pxcp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:40.261Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp", "tags": ["x_transferred"]}, {"url": "https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3091-1] sofia-sip security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html"}, {"name": "GLSA-202210-18", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-18"}, {"name": "DSA-5410", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5410"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:41:07.596387Z", "id": "CVE-2022-31003", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T17:55:56.743Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31003", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-04-22T17:55:56.743Z", "dateReserved": "2022-05-18T00:00:00.000Z", "datePublished": "2022-05-31T00:00:00.000Z"}, "containers": {"cna": {"title": "Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-24T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue."}], "affected": [{"vendor": "freeswitch", "product": "sofia-sip", "versions": [{"version": "< 1.13.8", "status": "affected"}]}], "references": [{"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp"}, {"url": "https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9"}, {"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3091-1] sofia-sip security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html"}, {"name": "GLSA-202210-18", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-18"}, {"name": "DSA-5410", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5410"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "cweId": "CWE-122"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "cweId": "CWE-787"}]}], "source": {"advisory": "GHSA-8w5j-6g2j-pxcp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:40.261Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp", "tags": ["x_transferred"]}, {"url": "https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3091-1] sofia-sip security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html"}, {"name": "GLSA-202210-18", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-18"}, {"name": "DSA-5410", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5410"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-31003", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:41:07.596387Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:41:09.548Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:signalwire:sofia-sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8062138-09E2-4610-9FFB-037EDC6FA766", "versionEndExcluding": "1.13.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue."}, {"lang": "es", "value": "Sofia-SIP es una biblioteca de agente de usuario del Protocolo de Iniciaci\u00f3n de Sesi\u00f3n (SIP) de c\u00f3digo abierto. En versiones anteriores a 1.13.8, cuando es analizada cada l\u00ednea de un mensaje sdp, \"rest = record + 2\" acced\u00eda a la memoria detr\u00e1s de \"\\0\" y causaba una escritura fuera de l\u00edmites. Un atacante puede enviar un mensaje con sdp maligno a FreeSWITCH, causando un bloqueo o una consecuencia m\u00e1s grave, como una ejecuci\u00f3n remota de c\u00f3digo. La versi\u00f3n 1.13.8 contiene un parche para este problema"}], "id": "CVE-2022-31003", "lastModified": "2024-11-21T07:03:41.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-31T20:15:07.910", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-18"}, {"source": "security-advisories@github.com", "url": "https://www.debian.org/security/2023/dsa-5410"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5410"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}