| Name | CVE-2022-47516 |
| Description | An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3334-1, DSA-5410-1 |
| Debian Bugs | 1031792 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| sofia-sip (PTS) | jessie | 1.12.11+20110422.1-2 | vulnerable |
| stretch | 1.12.11+20110422.1-2.1 | vulnerable | |
| buster (security), buster, buster (lts) | 1.12.11+20110422.1-2.1+deb10u4 | fixed | |
| bullseye (security), bullseye | 1.12.11+20110422.1-2.1+deb11u2 | fixed | |
| bookworm | 1.12.11+20110422.1+1e14eea~dfsg-6 | fixed | |
| sid, trixie | 1.12.11+20110422.1+1e14eea~dfsg-6.1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sofia-sip | source | jessie | (unfixed) | end-of-life | ||
| sofia-sip | source | stretch | (unfixed) | end-of-life | ||
| sofia-sip | source | buster | 1.12.11+20110422.1-2.1+deb10u3 | DLA-3334-1 | ||
| sofia-sip | source | bullseye | 1.12.11+20110422.1-2.1+deb11u1 | DSA-5410-1 | ||
| sofia-sip | source | (unstable) | 1.12.11+20110422.1+1e14eea~dfsg-5 | 1031792 |
Report in fork: https://github.com/drachtio/drachtio-server/issues/244
https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443 (v1.13.14)