CVE-2022-31001 (https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36):
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.

CVE-2022-31002 (https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba):
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.

CVE-2022-31003 (https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9):
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.

Please bump to 1.13.8.
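The `rest = record + 2` case described under CVE-2022-31003 above, as an added C example that is not part of the original report and is neither sofia-sip's code nor the upstream patch: it checks that a record is at least `<type>=` before deriving the value pointer. The function names `sdp_split_record` and `sdp_count_records` and the sample messages are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not sofia-sip code. Splits one NUL-terminated SDP record of
 * the form "<type>=<value>" and derives the value pointer only after checking
 * that the two bytes in front of it exist. Returns 0 on success, -1 if not. */
int sdp_split_record(const char *record, char *type, const char **rest)
{
    /* Order matters: for an empty line record[0] is the terminator and
     * record[1] is already outside the string. */
    if (record == NULL || record[0] == '\0' || record[1] != '=')
        return -1;
    *type = record[0];
    *rest = record + 2;             /* at worst this points at the '\0' */
    *rest += strspn(*rest, " \t");  /* skip leading whitespace of the value */
    return 0;
}

/* Walks a mutable SDP buffer, terminating each line in place the way an
 * in-place parser does. Returns the number of well-formed records, or -1 at
 * the first malformed line (empty, one byte long, or missing '='). */
int sdp_count_records(char *msg)
{
    int count = 0;
    char *line = msg;

    while (*line != '\0') {
        char *end = line + strcspn(line, "\r\n");
        char *next = end;
        char type;
        const char *rest;

        if (*next == '\r') next++;  /* accept CRLF, bare LF or bare CR */
        if (*next == '\n') next++;
        *end = '\0';
        if (sdp_split_record(line, &type, &rest) != 0)
            return -1;
        count++;
        line = next;
    }
    return count;
}

int main(void)
{
    char ok[] = "v=0\r\ns=-\r\nt=0 0\r\n";  /* constructed sample */
    char bad[] = "v=0\r\nm\r\n";            /* constructed: line with no '=' */
    printf("%d %d\n", sdp_count_records(ok), sdp_count_records(bad));
    return 0;
}
```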
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff2c311988ad964bed25caf1d83cf1ff3eb9ba77

commit ff2c311988ad964bed25caf1d83cf1ff3eb9ba77
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-06-01 15:48:28 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-06-01 15:50:03 +0000

    net-libs/sofia-sip: Version bump to 1.13.8

    Bug: https://bugs.gentoo.org/848870
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/sofia-sip/Manifest                        |  1 +
 .../sofia-sip/files/1.13.8-Fix-array-size.patch    | 45 ++++++++++++++++++++
 net-libs/sofia-sip/sofia-sip-1.13.8.ebuild         | 48 ++++++++++++++++++++++
 3 files changed, 94 insertions(+)
Likely to not be the last security vulnerability here. sofia-sip should be a superfund site.
Thanks! Please stabilize when ready.
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4ff1286984b451245e4bdf4e277c6415bb9ba2df

commit 4ff1286984b451245e4bdf4e277c6415bb9ba2df
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:12:52 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:15 +0000

    [ GLSA 202210-18 ] Sofia-SIP: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/848870
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-18.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
GLSA released, all done!