{"id":"CVE-2022-45909","details":"drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request.","modified":"2026-04-11T23:22:36.571287Z","published":"2022-11-26T03:15:10.633Z","references":[{"type":"ADVISORY","url":"https://github.com/drachtio/drachtio-server/pull/238"},{"type":"FIX","url":"https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490"},{"type":"FIX","url":"https://github.com/drachtio/drachtio-server/compare/v0.8.18...v0.8.19"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drachtio/drachtio-server","events":[{"introduced":"0"},{"fixed":"2a1c9b87ef379c6b4fb1c8b8372fa99a0c5e594c"},{"fixed":"a63d01854987d9fd846cdc9265af38ee9eb72490"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.8.19"}]}}],"versions":["0.0.4-rc2","0.2.0","0.3.0","0.4.0-rc1","0.4.0-rc3","0.4.0-rc4","0.4.0-rc5","0.4.0-rc6","0.4.1","0.4.1-rc1","0.4.1-rc2","0.4.1-rc3","0.5.0","0.5.0-rc1","0.5.0-rc2","0.5.0-rc3","0.5.0-rc4","0.5.0-rc5","0.5.0-rc6","gc-v1.1","v0.6.0","v0.7.2-rc1","v0.7.2-rc2","v0.7.2-rc3","v0.7.2-rc4","v0.7.3","v0.7.3-rc1","v0.7.3-rc2","v0.7.3-rc3","v0.7.3-rc5","v0.7.3-rc6","v0.7.4-rc1","v0.7.4-rc2","v0.8.0","v0.8.0-rc1","v0.8.0-rc2","v0.8.0-rc3","v0.8.0-rc4","v0.8.0-rc5","v0.8.0-rc6","v0.8.0-rc7","v0.8.1","v0.8.1-rc1","v0.8.1-rc2","v0.8.1-rc3","v0.8.10","v0.8.10-rc1","v0.8.11","v0.8.11-rc1","v0.8.11-rc2","v0.8.12","v0.8.12-rc1","v0.8.12-rc2","v0.8.12-rc3","v0.8.13","v0.8.13-rc1","v0.8.13-rc2","v0.8.13-rc3","v0.8.13-rc4","v0.8.14","v0.8.15","v0.8.16","v0.8.16-rc1","v0.8.16-rc2","v0.8.17","v0.8.17-rc1","v0.8.17-rc4","v0.8.18","v0.8.18-rc1","v0.8.18-rc2","v0.8.18-rc3","v0.8.18-rc4","v0.8.18-rc5","v0.8.18-rc6","v0.8.18-rc7","v0.8.18-rc8","v0.8.19-rc1","v0.8.19-rc10","v0.8.19-rc11","v0.8.19-rc12","v0.8.19-rc13","v0.8.19-rc2","v0.8.19-rc3","v0.8.19-rc4","v0.8.19-rc5","v0.8.19-rc6","v0.8.19-rc7","v0.8.19-rc8","v0.8.19-rc9","v0.8.2","v0.8.2-rc1","v0.8.2-rc2","v0.8.2-rc3","v0.8.3","v0.8.3-rc1","v0.8.3-rc2","v0.8.3-rc3","v0.8.4","v0.8.4-rc1","v0.8.4-rc2","v0.8.4-rc3","v0.8.4-rc4","v0.8.4-rc5","v0.8.4-rc6","v0.8.4-rc7","v0.8.5","v0.8.5-rc1","v0.8.5-rc2","v0.8.5-rc3","v0.8.6","v0.8.6-rc1","v0.8.6-rc2","v0.8.7","v0.8.7-rc1","v0.8.7-rc2","v0.8.7-rc3","v0.8.7-rc4","v0.8.7-rc5","v0.8.7-rc6","v0.8.7-rc7","v0.8.8","v0.8.8-rc1","v0.8.8-rc2","v0.8.9","v0.8.9-rc1","v0.8.9-rc2"],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:22:36Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45909.json","vanir_signatures":[{"source":"https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490","signature_version":"v1","id":"CVE-2022-45909-3462e710","signature_type":"Function","digest":{"function_hash":"48911117683677822342270035495101412144","length":714},"deprecated":false,"target":{"file":"src/drachtio.cpp","function":"replaceHostInUri"}},{"source":"https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490","signature_version":"v1","id":"CVE-2022-45909-89479ef4","signature_type":"Function","digest":{"function_hash":"312014394300180352408018961486957017217","length":6807},"deprecated":false,"target":{"file":"src/sip-dialog-controller.cpp","function":"SipDialogController::doSendRequestOutsideDialog"}},{"source":"https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490","signature_version":"v1","id":"CVE-2022-45909-89d2a7f9","signature_type":"Line","digest":{"line_hashes":["173887540469091841827460764864390575373","188349718359246778016474659237419184199","159441422165416761695439248928293551585","145771553482162377364951822723205807377"],"threshold":0.9},"deprecated":false,"target":{"file":"src/sip-dialog-controller.cpp"}},{"source":"https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490","signature_version":"v1","id":"CVE-2022-45909-98a19c6b","signature_type":"Line","digest":{"line_hashes":["308895931370780289037817731644949720650","18887311210313513241742494357455520334","17262410427813468800352683010318981897","143198742574352404509234678123892627862","109233899288363154394140005067192936642","313491627081995253791589165019414864327","285539031113787067761754176724067407056","113357695784990598716387082601722011160","309727836580361749336855971753914385412","174021275461248776362250846735391303128","15622927304554018405338669965819329409","337881953447565756890116924022054640005","123833256504037198059720387926178613357","131048642867098245778752429795500113083","139138150528047721027745628171505283444","33705096803636646192832550792178960779","283530433338298433483933372682756287857","157876974244062788204676127843600275187","109233899288363154394140005067192936642","313491627081995253791589165019414864327","285539031113787067761754176724067407056","113357695784990598716387082601722011160","64096817364896115797026078388411008579","3719894081240484297858392726354349421","167293436707050195959991182832179656668","16362175646642123959572636117071100923"],"threshold":0.9},"deprecated":false,"target":{"file":"src/drachtio.cpp"}},{"source":"https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490","signature_version":"v1","id":"CVE-2022-45909-f748e187","signature_type":"Function","digest":{"function_hash":"90303397673475206243392709245817075335","length":823},"deprecated":false,"target":{"file":"src/drachtio.cpp","function":"normalizeSipUri"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}