PT-2023-23716 · Sofia-Sip+3
Andywolk · Published 2023-05-26 · Updated 2025-08-12 · CVE-2023-32307
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Sofia-SIP versions prior to 1.13.15
Description
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Several potential heap-overflow and integer-overflow vulnerabilities were found in stun_parse_attr_error_code and stun_parse_attr_uint32 due to the lack of an attribute length check when Sofia-SIP handles STUN packets. The previous patch fixed the vulnerability when the attribute type did not match the enum value, but the handling of other, valid cases is also vulnerable. The out-of-bounds read and integer overflow triggered by an attacker may lead to a crash, high memory consumption, or even more serious consequences.
Recommendations
To resolve the issue, upgrade to version 1.13.15 or later. As a temporary workaround, consider restricting the handling of STUN packets to minimize the risk of exploitation. Avoid using the stun_parse_attr_error_code and stun_parse_attr_uint32 functions until the issue is resolved.
Exploit
Fix
Integer Overflow
Memory Corruption
Heap Based Buffer Overflow
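The attribute length check the description says was missing, shown as an added example (not Sofia-SIP's code or its patch): a bounds-checked parse of a 32-bit STUN attribute and of an ERROR-CODE attribute. The function names are hypothetical, and the attribute layout (2-byte type, 2-byte length, then the value) is assumed from RFC 5389.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: function names are hypothetical, not Sofia-SIP's API. */
enum { ATTR_HDR = 4 };              /* 2-byte type + 2-byte length */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Find the value of the attribute starting at buf[off]. Fails (-1) when the
 * header or the declared value length runs past the received bytes. */
static int attr_value(const uint8_t *buf, size_t len, size_t off,
                      const uint8_t **val, size_t *vlen) {
    if (off > len || len - off < ATTR_HDR) return -1;
    size_t declared = be16(buf + off + 2);
    if (len - off - ATTR_HDR < declared) return -1;
    *val = buf + off + ATTR_HDR;
    *vlen = declared;
    return 0;
}

/* 32-bit attributes: the value must be exactly 4 bytes. */
int parse_attr_uint32(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    const uint8_t *v; size_t n;
    if (attr_value(buf, len, off, &v, &n) != 0 || n != 4) return -1;
    *out = be32(v);
    return 0;
}

/* ERROR-CODE (RFC 5389 layout): 2 reserved bytes, class, number, reason phrase. */
int parse_attr_error_code(const uint8_t *buf, size_t len, size_t off,
                          int *code, char *reason, size_t rcap) {
    const uint8_t *v; size_t n;
    /* n < 4 must be rejected first: otherwise n - 4 below wraps to a huge size. */
    if (attr_value(buf, len, off, &v, &n) != 0 || n < 4 || rcap == 0) return -1;
    *code = (v[2] & 0x07) * 100 + v[3];
    size_t rlen = n - 4;
    if (rlen >= rcap) rlen = rcap - 1;   /* truncate instead of overflowing */
    memcpy(reason, v + 4, rlen);
    reason[rlen] = '\0';
    return 0;
}
```

Both parsers reject an attribute whose declared length disagrees with the bytes actually received, which covers the out-of-bounds read and the length underflow in one place.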
Affected Products
Linuxmint
Red Os
Sofia-Sip
Ubuntu