VulnerableCode Package Details - pkg:ebuild/net-libs/sofia-sip@1.13.8

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7zys-jfw3-rkhf	Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.	CVE-2022-31001
VCID-ef58-vu9c-kffy	Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.	CVE-2022-31002
VCID-nk9s-zqx5-vkgs	Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.	CVE-2022-31003

Vulnerability

Summary

Aliases

VCID-7zys-jfw3-rkhf

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.

CVE-2022-31001

VCID-ef58-vu9c-kffy

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.

CVE-2022-31002

VCID-nk9s-zqx5-vkgs

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.

CVE-2022-31003

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T17:28:16.100191+00:00	Gentoo Importer	Fixing	VCID-nk9s-zqx5-vkgs	https://security.gentoo.org/glsa/202210-18	38.6.0
2026-06-05T17:28:16.082740+00:00	Gentoo Importer	Fixing	VCID-ef58-vu9c-kffy	https://security.gentoo.org/glsa/202210-18	38.6.0
2026-06-05T17:28:16.065360+00:00	Gentoo Importer	Fixing	VCID-7zys-jfw3-rkhf	https://security.gentoo.org/glsa/202210-18	38.6.0