Showing 1 - 3 of 3

CVE-2023-32307

Status Candidate

Overview

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.

Related Files

Gentoo Linux Security Advisory 202407-10: Posted Jul 5, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202407-10 - Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which can lead to remote code execution. Versions prior to 1.13.16 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2023-22741, CVE-2023-32307; SHA-256 | 25079bc6a15773902534a2b9624563f05faa73464c53187244eb91df05c3a4d3; Download | Favorite | View

Ubuntu Security Notice USN-6448-1: Posted Oct 24, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6448-1 - Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker could use this issue to cause Sofia-SIP to crash, resulting in a denial of service, or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-32307; SHA-256 | 065e1d3f9e158da1ad62e274b382f034235454b8c2136ba104d239bd9d274b69; Download | Favorite | View

Debian Security Advisory 5431-1: Posted Jun 16, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5431-1 - Xu Biang discovered that missing input sanitizing in Sofia-SIP, a SIP User-Agent library could result in denial of service.; tags | advisory, denial of service; systems | linux, debian; advisories | CVE-2023-32307; SHA-256 | 3c4d4111998ef3a34b0bb6f1a93c91d2e4c3b9c52b45f6af7f60ab7e4c01c27e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2023-32307

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems