CVE-2023-32307

NameCVE-2023-32307
DescriptionSofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3441-1, DSA-5431-1
Debian Bugs1036847

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sofia-sip (PTS)buster1.12.11+20110422.1-2.1vulnerable
buster (security)1.12.11+20110422.1-2.1+deb10u4fixed
bullseye (security), bullseye1.12.11+20110422.1-2.1+deb11u2fixed
trixie, bookworm1.12.11+20110422.1+1e14eea~dfsg-6fixed
sid1.12.11+20110422.1+1e14eea~dfsg-6.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sofia-sipsourcebuster1.12.11+20110422.1-2.1+deb10u4DLA-3441-1
sofia-sipsourcebullseye1.12.11+20110422.1-2.1+deb11u2DSA-5431-1
sofia-sipsource(unstable)1.12.11+20110422.1+1e14eea~dfsg-61036847

Notes

https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
https://github.com/freeswitch/sofia-sip/pull/214
Fixed by: https://github.com/freeswitch/sofia-sip/commit/c3bbc50c88d168065de34ca01b9b1d98c1b0e810 (v1.13.15)

Search for package or bug name: Reporting problems