PT-2022-20449 · Sofia-Sip+4

Cossack9989 · Published 2022-05-31 · Updated 2025-08-12 · CVE-2022-31002

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Sofia-SIP versions prior to 1.13.8

Description: Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. An attacker can send a message containing malicious SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %.

Recommendations: For versions prior to 1.13.8, update to version 1.13.8 to resolve the issue. As a temporary workaround, consider restricting the handling of URLs ending with % to minimize the risk of exploitation.
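
The trailing-% condition described above, as an added example (not code from this page or from Sofia-SIP): a length-bounded check for truncated or non-hex percent-escapes, and a decoder that refuses such input instead of reading past the end of the buffer. The function names find_bad_escape and safe_unescape and the sample strings are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not Sofia-SIP's API. */
static int hex_val(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Offset of the first malformed escape in s[0..len), or -1 if none.
 * A '%' needs two hex digits inside the buffer; "abc%" and "abc%4" fail. */
long find_bad_escape(const char *s, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (s[i] != '%') continue;
        if (len - i < 3 || hex_val((unsigned char)s[i + 1]) < 0 ||
            hex_val((unsigned char)s[i + 2]) < 0)
            return (long)i;
        i += 2; /* skip the two validated hex digits */
    }
    return -1;
}

/* Decode s[0..len) into out (out_cap bytes, NUL included).
 * Returns the decoded length, or -1 on malformed input or lack of space. */
long safe_unescape(const char *s, size_t len, char *out, size_t out_cap) {
    size_t o = 0;
    if (out_cap == 0 || find_bad_escape(s, len) >= 0) return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '%') { /* both digits were validated above */
            c = (unsigned char)(hex_val((unsigned char)s[i + 1]) * 16 +
                                hex_val((unsigned char)s[i + 2]));
            i += 2;
        }
        if (o + 1 >= out_cap) return -1; /* keep room for the NUL */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void) {
    /* Constructed sample inputs, not taken from a real SIP message. */
    const char *samples[] = { "sip:a%40b", "sip:a@b%", "sip:a%4" };
    size_t lens[] = { 9, 8, 7 };
    for (int k = 0; k < 3; k++)
        printf("%-10s bad escape at %ld\n", samples[k],
               find_bad_escape(samples[k], lens[k]));
    return 0;
}
```

A filter in front of the SIP stack can use the same check to reject messages carrying a malformed escape until the library is updated to 1.13.8.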

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2025-09872
CVE-2022-31002
DLA-3091-1
DSA-5410-1
GHSA-G3X6-P824-X6HM
MGASA-2022-0343
USN-5932-1

Affected Products

Freeswitch
Linuxmint
Red Os
Sofia-Sip
Ubuntu