CVE-2023-22741

Published: Jan 19, 2023

Modified: Mar 10, 2025

PUBLISHED

CVSS v3.1

9.8

CRITICAL

Description

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's left size. Since network users control the overflowed length, and the data is written to heap chunks later, attackers may achieve remote code execution by heap grooming or other exploitation methods. The bug was introduced 16 years ago in sofia-sip 1.12.4 (plus some patches through 12/21/2006) to in tree libs with git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774 d0543943-73ff-0310-b7d9-9358b9ac24b2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor	Product	Versions
freeswitch	sofia-sip	affected `< 1.13.11`

Weaknesses (CWE)

CWE-120

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54

x_refsource_CONFIRM

https://github.com/freeswitch/sofia-sip/commit/da53e4fbcb138b080a75576dd49c1fff2ada2764

x_refsource_MISC

https://www.debian.org/security/2023/dsa-5410

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-22741

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References