Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1
Type deb
Namespace debian
Name sofia-sip
Version 1.12.11+20110422.1-2.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.12.11+20110422.1-2.1+deb11u2
Latest_non_vulnerable_version 1.12.11+20110422.1-2.1+deb11u2
Affected_by_vulnerabilities
0
url VCID-7zys-jfw3-rkhf
vulnerability_id VCID-7zys-jfw3-rkhf
summary Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger an out-of-bounds access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31001
reference_id
reference_type
scores
0
value 0.01037
scoring_system epss
scoring_elements 0.77744
published_at 2026-06-04T12:55:00Z
1
value 0.01037
scoring_system epss
scoring_elements 0.77772
published_at 2026-06-05T12:55:00Z
2
value 0.01037
scoring_system epss
scoring_elements 0.77779
published_at 2026-06-06T12:55:00Z
3
value 0.01037
scoring_system epss
scoring_elements 0.77769
published_at 2026-06-07T12:55:00Z
4
value 0.01037
scoring_system epss
scoring_elements 0.77759
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31001
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016974
reference_id 1016974
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016974
7
reference_url https://security.gentoo.org/glsa/202210-18
reference_id GLSA-202210-18
reference_type
scores
url https://security.gentoo.org/glsa/202210-18
8
reference_url https://usn.ubuntu.com/5932-1/
reference_id USN-5932-1
reference_type
scores
url https://usn.ubuntu.com/5932-1/
fixed_packages
0
url pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
purl pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sofia-sip@1.12.11%252B20110422.1-2.1%252Bdeb11u2
aliases CVE-2022-31001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7zys-jfw3-rkhf
1
url VCID-ef58-vu9c-kffy
vulnerability_id VCID-ef58-vu9c-kffy
summary Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31002
reference_id
reference_type
scores
0
value 0.01086
scoring_system epss
scoring_elements 0.78245
published_at 2026-06-04T12:55:00Z
1
value 0.01086
scoring_system epss
scoring_elements 0.78271
published_at 2026-06-05T12:55:00Z
2
value 0.01086
scoring_system epss
scoring_elements 0.78278
published_at 2026-06-06T12:55:00Z
3
value 0.01086
scoring_system epss
scoring_elements 0.78268
published_at 2026-06-07T12:55:00Z
4
value 0.01086
scoring_system epss
scoring_elements 0.78256
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31002
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016974
reference_id 1016974
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016974
7
reference_url https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba
reference_id 51841eb53679434a386fb2dcbca925dcc48d58ba
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:11Z/
url https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba
8
reference_url https://www.debian.org/security/2023/dsa-5410
reference_id dsa-5410
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:11Z/
url https://www.debian.org/security/2023/dsa-5410
9
reference_url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
reference_id GHSA-g3x6-p824-x6hm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:11Z/
url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
10
reference_url https://security.gentoo.org/glsa/202210-18
reference_id GLSA-202210-18
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:11Z/
url https://security.gentoo.org/glsa/202210-18
11
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html
reference_id msg00001.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:11Z/
url https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html
12
reference_url https://usn.ubuntu.com/5932-1/
reference_id USN-5932-1
reference_type
scores
url https://usn.ubuntu.com/5932-1/
fixed_packages
0
url pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
purl pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sofia-sip@1.12.11%252B20110422.1-2.1%252Bdeb11u2
aliases CVE-2022-31002
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef58-vu9c-kffy
2
url VCID-n84b-v1va-1fhu
vulnerability_id VCID-n84b-v1va-1fhu
summary Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to a controllable heap overflow. For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's remaining size. Since network users control the overflowed length, and the data is written to heap chunks later, attackers may achieve remote code execution by heap grooming or other exploitation methods. The bug was introduced 16 years ago in sofia-sip 1.12.4 (plus some patches through 12/21/2006) to in tree libs with git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774 d0543943-73ff-0310-b7d9-9358b9ac24b2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22741
reference_id
reference_type
scores
0
value 0.0148
scoring_system epss
scoring_elements 0.81322
published_at 2026-06-04T12:55:00Z
1
value 0.0148
scoring_system epss
scoring_elements 0.81349
published_at 2026-06-05T12:55:00Z
2
value 0.0148
scoring_system epss
scoring_elements 0.81352
published_at 2026-06-06T12:55:00Z
3
value 0.0148
scoring_system epss
scoring_elements 0.8135
published_at 2026-06-07T12:55:00Z
4
value 0.0148
scoring_system epss
scoring_elements 0.81346
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22741
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029654
reference_id 1029654
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029654
7
reference_url https://github.com/freeswitch/sofia-sip/commit/da53e4fbcb138b080a75576dd49c1fff2ada2764
reference_id da53e4fbcb138b080a75576dd49c1fff2ada2764
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:31Z/
url https://github.com/freeswitch/sofia-sip/commit/da53e4fbcb138b080a75576dd49c1fff2ada2764
8
reference_url https://www.debian.org/security/2023/dsa-5410
reference_id dsa-5410
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:31Z/
url https://www.debian.org/security/2023/dsa-5410
9
reference_url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
reference_id GHSA-8599-x7rq-fr54
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:31Z/
url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
10
reference_url https://security.gentoo.org/glsa/202407-10
reference_id GLSA-202407-10
reference_type
scores
url https://security.gentoo.org/glsa/202407-10
11
reference_url https://usn.ubuntu.com/5932-1/
reference_id USN-5932-1
reference_type
scores
url https://usn.ubuntu.com/5932-1/
fixed_packages
0
url pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
purl pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sofia-sip@1.12.11%252B20110422.1-2.1%252Bdeb11u2
aliases CVE-2023-22741
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n84b-v1va-1fhu
3
url VCID-nk9s-zqx5-vkgs
vulnerability_id VCID-nk9s-zqx5-vkgs
summary Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of an SDP message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or a more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31003
reference_id
reference_type
scores
0
value 0.1379
scoring_system epss
scoring_elements 0.94417
published_at 2026-06-04T12:55:00Z
1
value 0.1379
scoring_system epss
scoring_elements 0.94425
published_at 2026-06-05T12:55:00Z
2
value 0.1379
scoring_system epss
scoring_elements 0.94427
published_at 2026-06-06T12:55:00Z
3
value 0.1379
scoring_system epss
scoring_elements 0.94429
published_at 2026-06-07T12:55:00Z
4
value 0.1379
scoring_system epss
scoring_elements 0.9443
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31003
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016974
reference_id 1016974
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016974
7
reference_url https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9
reference_id 907f2ac0ee504c93ebfefd676b4632a3575908c9
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:07Z/
url https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9
8
reference_url https://www.debian.org/security/2023/dsa-5410
reference_id dsa-5410
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:07Z/
url https://www.debian.org/security/2023/dsa-5410
9
reference_url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
reference_id GHSA-8w5j-6g2j-pxcp
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:07Z/
url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
10
reference_url https://security.gentoo.org/glsa/202210-18
reference_id GLSA-202210-18
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:07Z/
url https://security.gentoo.org/glsa/202210-18
11
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html
reference_id msg00001.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:07Z/
url https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html
12
reference_url https://usn.ubuntu.com/5932-1/
reference_id USN-5932-1
reference_type
scores
url https://usn.ubuntu.com/5932-1/
fixed_packages
0
url pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
purl pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sofia-sip@1.12.11%252B20110422.1-2.1%252Bdeb11u2
aliases CVE-2022-31003
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nk9s-zqx5-vkgs
4
url VCID-qwqc-nghe-3ka1
vulnerability_id VCID-qwqc-nghe-3ka1
summary An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47516
reference_id
reference_type
scores
0
value 0.01257
scoring_system epss
scoring_elements 0.79724
published_at 2026-06-04T12:55:00Z
1
value 0.01257
scoring_system epss
scoring_elements 0.7975
published_at 2026-06-05T12:55:00Z
2
value 0.01257
scoring_system epss
scoring_elements 0.79756
published_at 2026-06-06T12:55:00Z
3
value 0.01257
scoring_system epss
scoring_elements 0.79751
published_at 2026-06-07T12:55:00Z
4
value 0.01257
scoring_system epss
scoring_elements 0.7974
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47516
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031792
reference_id 1031792
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031792
7
reference_url https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377
reference_id 13b2a135287caa2d67ac6cd5155626821e25b377
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/
url https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377
8
reference_url https://github.com/drachtio/drachtio-server/issues/244
reference_id 244
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/
url https://github.com/drachtio/drachtio-server/issues/244
9
reference_url https://www.debian.org/security/2023/dsa-5410
reference_id dsa-5410
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/
url https://www.debian.org/security/2023/dsa-5410
10
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
reference_id msg00028.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
11
reference_url https://usn.ubuntu.com/5932-1/
reference_id USN-5932-1
reference_type
scores
url https://usn.ubuntu.com/5932-1/
fixed_packages
0
url pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
purl pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sofia-sip@1.12.11%252B20110422.1-2.1%252Bdeb11u2
aliases CVE-2022-47516
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwqc-nghe-3ka1
5
url VCID-r456-aab2-1ubf
vulnerability_id VCID-r456-aab2-1ubf
summary Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap overflows and integer overflows in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of an attribute length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer overflow caused by an attacker may lead to a crash, high consumption of memory or even other more serious consequences. These issues have been addressed in version 1.13.15. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32307
reference_id
reference_type
scores
0
value 0.00361
scoring_system epss
scoring_elements 0.58578
published_at 2026-06-05T12:55:00Z
1
value 0.00361
scoring_system epss
scoring_elements 0.58565
published_at 2026-06-08T12:55:00Z
2
value 0.00361
scoring_system epss
scoring_elements 0.58579
published_at 2026-06-07T12:55:00Z
3
value 0.00361
scoring_system epss
scoring_elements 0.58587
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32307
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32307
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32307
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036847
reference_id 1036847
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036847
3
reference_url https://www.debian.org/security/2023/dsa-5431
reference_id dsa-5431
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:20:35Z/
url https://www.debian.org/security/2023/dsa-5431
4
reference_url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
reference_id GHSA-rm4c-ccvf-ff9c
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:20:35Z/
url https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
5
reference_url https://security.gentoo.org/glsa/202407-10
reference_id GLSA-202407-10
reference_type
scores
url https://security.gentoo.org/glsa/202407-10
6
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html
reference_id msg00002.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:20:35Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OY66DOQ3B7GULJTI66X5HNX5FU3P65CX/
reference_id OY66DOQ3B7GULJTI66X5HNX5FU3P65CX
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:20:35Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OY66DOQ3B7GULJTI66X5HNX5FU3P65CX/
8
reference_url https://usn.ubuntu.com/6448-1/
reference_id USN-6448-1
reference_type
scores
url https://usn.ubuntu.com/6448-1/
fixed_packages
0
url pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
purl pkg:deb/debian/sofia-sip@1.12.11%2B20110422.1-2.1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sofia-sip@1.12.11%252B20110422.1-2.1%252Bdeb11u2
aliases CVE-2023-32307
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r456-aab2-1ubf
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sofia-sip@1.12.11%252B20110422.1-2.1