Bugzilla – Bug 1200117
VUL-0: CVE-2022-31002: sofia-sip: out of bounds read via malformed URL
Last modified: 2022-06-01 14:15:02 UTC
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent
library. Prior to version 1.13.8, an attacker can send a message with evil sdp
to FreeSWITCH, which may cause a crash. This type of crash may be caused by a
URL ending with `%`. Version 1.13.8 contains a patch for this issue.