An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error.
References
Link | Resource |
---|---|
https://github.com/davehorton/sofia-sip/commit/22c1bd191f0acbf11f0c0fbea1845d9bf9dcd47e | Patch Third Party Advisory |
https://github.com/davehorton/sofia-sip/commit/bfc79d85c8f3a4798a3305fb98f5a11c11d0d29f | Patch Third Party Advisory |
https://github.com/drachtio/drachtio-server/issues/243 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-18T00:00:00
Updated: 2022-12-18T00:00:00
Reserved: 2022-12-18T00:00:00
Link: CVE-2022-47517
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-18T05:15:11.300
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-47517
JSON object: View
Redhat Information
No data.
CWE