PT-2023-6421 · Sofia-Sip+3

Qiuhao Li · Published 2023-01-19 · Updated 2025-08-12 · CVE-2023-22741

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Sofia-SIP versions 1.12.4 and later, up to the version before the fix was introduced

Description

The issue is a lack of message length and attribute length checks when handling STUN packets, which leads to a controllable heap overflow. Attackers can exploit this to achieve remote code execution through heap grooming or other methods. The bug was introduced 16 years ago, and users are advised to upgrade. There are no known workarounds for this vulnerability.

Recommendations

For Sofia-SIP versions 1.12.4 and later, up to the version before the fix was introduced: upgrade to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the stun_parse_attribute() function until a patch is available. Avoid using the length variable in the affected STUN packet handling code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
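
The two checks the description names (message length and attribute length), written as a stand-alone validator that runs before any attribute is copied. This is an added example, not Sofia-SIP's code or its fix; it assumes RFC 5389 framing (20-byte header, 4-byte attribute header, values padded to 4 bytes), and stun_validate, check_with_field and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define STUN_HDR_LEN  20u /* type(2) + length(2) + cookie(4) + transaction ID(12) */
#define STUN_ATTR_HDR 4u  /* type(2) + length(2), value padded to 4 bytes */
enum { STUN_OK = 0, STUN_TRUNCATED = -1, STUN_BAD_MSG_LEN = -2, STUN_BAD_ATTR_LEN = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check all framing against the bytes actually received, before anything is copied. */
int stun_validate(const uint8_t *buf, size_t len, unsigned *n_attrs)
{
    if (buf == NULL || len < STUN_HDR_LEN)
        return STUN_TRUNCATED;
    size_t body = rd16(buf + 2);              /* sender-declared message length */
    if (body % 4 != 0 || body > len - STUN_HDR_LEN)
        return STUN_BAD_MSG_LEN;              /* claims more than was received */

    const uint8_t *p = buf + STUN_HDR_LEN;
    size_t left = body;
    unsigned count = 0;
    while (left > 0) {
        if (left < STUN_ATTR_HDR)
            return STUN_BAD_ATTR_LEN;
        size_t padded = ((size_t)rd16(p + 2) + 3u) & ~(size_t)3u; /* declared attr length */
        if (padded > left - STUN_ATTR_HDR)
            return STUN_BAD_ATTR_LEN;         /* value would run past the message */
        p += STUN_ATTR_HDR + padded;
        left -= STUN_ATTR_HDR + padded;
        count++;
    }
    if (n_attrs != NULL) *n_attrs = count;
    return STUN_OK;
}

/* Constructed sample: Binding Request carrying one 4-byte USERNAME attribute. */
static const uint8_t sample_ok[28] = {
    0x00, 0x01, 0x00, 0x08, 0x21, 0x12, 0xA4, 0x42,
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
    0x00, 0x06, 0x00, 0x04, 'u', 's', 'e', 'r' };

/* Copy the sample, overwrite one big-endian 16-bit field at `off`, and validate. */
int check_with_field(size_t off, uint16_t value)
{
    uint8_t pkt[sizeof sample_ok];
    for (size_t i = 0; i < sizeof pkt; i++) pkt[i] = sample_ok[i];
    pkt[off] = (uint8_t)(value >> 8); pkt[off + 1] = (uint8_t)(value & 0xff);
    return stun_validate(pkt, sizeof pkt, NULL);
}
```

Offset 2 is the header's message length field and offset 22 is the first attribute's length field in the constructed sample.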

Exploit

RCE

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-07137
CVE-2023-22741
DLA-3292-1
DSA-5410-1
GHSA-8599-X7RQ-FR54
MGASA-2023-0040
USN-5932-1

Affected Products

Linuxmint
Red Os
Sofia-Sip
Ubuntu