sofia-sip is vulnerable to Remote Code Execution (RCE). When parsing each line of a sdp message, rest = record + 2
will access the memory behind \0
and cause an out-of-bounds write. An attacker is able to send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution.
github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9
github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
lists.debian.org/debian-lts-announce/2022/09/msg00001.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202210-18
www.debian.org/security/2023/dsa-5410