CVE-2022-47516

NameCVE-2022-47516
DescriptionAn issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3334-1, DSA-5410-1
Debian Bugs1031792

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sofia-sip (PTS)buster1.12.11+20110422.1-2.1vulnerable
buster (security)1.12.11+20110422.1-2.1+deb10u4fixed
bullseye (security), bullseye1.12.11+20110422.1-2.1+deb11u2fixed
bookworm, sid, trixie1.12.11+20110422.1+1e14eea~dfsg-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sofia-sipsourcebuster1.12.11+20110422.1-2.1+deb10u3DLA-3334-1
sofia-sipsourcebullseye1.12.11+20110422.1-2.1+deb11u1DSA-5410-1
sofia-sipsource(unstable)1.12.11+20110422.1+1e14eea~dfsg-51031792

Notes

Report in fork: https://github.com/drachtio/drachtio-server/issues/244
https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443 (v1.13.14)
Search for package or bug name: Reporting problems