PT-2022-28069 · Unknown+3 · Drachtio-Server+4
Asarubboo · Published 2022-12-18 · Updated 2025-08-12
CVE-2022-47516
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
drachtio-server versions prior to 0.8.20
Description
An issue in the libsofia-sip fork allows remote attackers to cause a denial of service via a crafted UDP message, leading to a daemon crash due to a failure in the libsofia-sip-ua/tport/tport.c self assertion. The config sortlist function is also missing checks for input string validity, potentially allowing an arbitrary length stack overflow.
Recommendations
For versions prior to 0.8.20, update to version 0.8.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable libsofia-sip-ua/tport/tport.c module to minimize the risk of exploitation. Avoid using crafted UDP messages that could lead to a denial of service until the issue is resolved.
Exploit
Fix
DoS
Assertion Failure
Affected Products
Linuxmint
Red Os
Ubuntu
Drachtio-Server
Libsofia-Sip