Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qwqc-nghe-3ka1
Vulnerability ID VCID-qwqc-nghe-3ka1
Aliases CVE-2022-47516
Summary An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01257 https://api.first.org/data/v1/epss?cve=CVE-2022-47516
epss 0.01257 https://api.first.org/data/v1/epss?cve=CVE-2022-47516
epss 0.01257 https://api.first.org/data/v1/epss?cve=CVE-2022-47516
epss 0.01257 https://api.first.org/data/v1/epss?cve=CVE-2022-47516
epss 0.01257 https://api.first.org/data/v1/epss?cve=CVE-2022-47516
cvssv3.1 7.5 https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377
ssvc Track https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377
cvssv3.1 7.5 https://github.com/drachtio/drachtio-server/issues/244
ssvc Track https://github.com/drachtio/drachtio-server/issues/244
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5410
ssvc Track https://www.debian.org/security/2023/dsa-5410
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-47516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22741
1031792 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031792
13b2a135287caa2d67ac6cd5155626821e25b377 https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377
244 https://github.com/drachtio/drachtio-server/issues/244
dsa-5410 https://www.debian.org/security/2023/dsa-5410
msg00028.html https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
USN-5932-1 https://usn.ubuntu.com/5932-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/ Found at https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/drachtio/drachtio-server/issues/244
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/ Found at https://github.com/drachtio/drachtio-server/issues/244
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/ Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5410
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:54:21Z/ Found at https://www.debian.org/security/2023/dsa-5410
Exploit Prediction Scoring System (EPSS)
Percentile 0.79724
EPSS Score 0.01257
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:11:07.963287+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0