{"id":"CVE-2022-31002","summary":"Out-of-bounds Read in Sofia-SIP","details":"Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message containing malicious SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.","aliases":["GHSA-g3x6-p824-x6hm"],"modified":"2026-04-16T04:44:37.333383040Z","published":"2022-05-31T00:00:00Z","database_specific":{"cwe_ids":["CWE-125"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31002.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31002.json"},{"type":"ADVISORY","url":"https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31002"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-18"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5410"},{"type":"FIX","url":"https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeswitch/sofia-sip","events":[{"introduced":"0"},{"fixed":"756ab9b5c9370423489e0d6a27166863c7a57fef"}]}],"versions":["v1.13.2","v1.13.3","v1.13.5","v1.13.6","v1.13.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31002.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}