{"id":"CVE-2022-47516","details":"An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.","modified":"2026-04-16T04:43:17.515684578Z","published":"2022-12-18T05:15:11.200Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5410"},{"type":"FIX","url":"https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377"},{"type":"EVIDENCE","url":"https://github.com/drachtio/drachtio-server/issues/244"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/davehorton/sofia-sip","events":[{"introduced":"0"},{"fixed":"13b2a135287caa2d67ac6cd5155626821e25b377"}]},{"type":"GIT","repo":"https://github.com/drachtio/drachtio-server","events":[{"introduced":"0"},{"fixed":"dd5946eb6525b1e11b3f6defda5725de4827cc71"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.8.20"}]}}],"versions":["0.0.4-rc2","0.2.0","0.3.0","0.4.0-rc1","0.4.0-rc3","0.4.0-rc4","0.4.0-rc5","0.4.0-rc6","0.4.1","0.4.1-rc1","0.4.1-rc2","0.4.1-rc3","0.5.0","0.5.0-rc1","0.5.0-rc2","0.5.0-rc3","0.5.0-rc4","0.5.0-rc5","0.5.0-rc6","gc-v1.1","v0.6.0","v0.7.2-rc1","v0.7.2-rc2","v0.7.2-rc3","v0.7.2-rc4","v0.7.3","v0.7.3-rc1","v0.7.3-rc2","v0.7.3-rc3","v0.7.3-rc5","v0.7.3-rc6","v0.7.4-rc1","v0.7.4-rc2","v0.8.0","v0.8.0-rc1","v0.8.0-rc2","v0.8.0-rc3","v0.8.0-rc4","v0.8.0-rc5","v0.8.0-rc6","v0.8.0-rc7","v0.8.1","v0.8.1-rc1","v0.8.1-rc2","v0.8.1-rc3","v0.8.10","v0.8.10-rc1","v0.8.11","v0.8.11-rc1","v0.8.11-rc2","v0.8.12","v0.8.12-rc1","v0.8.12-rc2","v0.8.12-rc3","v0.8.13","v0.8.13-rc1","v0.8.13-rc2","v0.8.13-rc3","v0.8.13-rc4","v0.8.14","v0.8.15","v0.8.16","v0.8.16-rc1","v0.8.16-rc2","v0.8.17","v0.8.17-rc1","v0.8.17-rc4","v0.8.18","v0.8.18-rc1","v0.8.18-rc2","v0.8.18-rc3","v0.8.18-rc4","v0.8.18-rc5","v0.8.18-rc6","v0.8.18-rc7","v0.8.18-rc8","v0.8.19","v0.8.19-rc1","v0.8.19-rc10","v0.8.19-rc11","v0.8.19-rc12","v0.8.19-rc13","v0.8.19-rc14","v0.8.19-rc2","v0.8.19-rc3","v0.8.19-rc4","v0.8.19-rc5","v0.8.19-rc6","v0.8.19-rc7","v0.8.19-rc8","v0.8.19-rc9","v0.8.2","v0.8.2-rc1","v0.8.2-rc2","v0.8.2-rc3","v0.8.20-rc1","v0.8.20-rc2","v0.8.20-rc3","v0.8.20-rc4","v0.8.3","v0.8.3-rc1","v0.8.3-rc2","v0.8.3-rc3","v0.8.4","v0.8.4-rc1","v0.8.4-rc2","v0.8.4-rc3","v0.8.4-rc4","v0.8.4-rc5","v0.8.4-rc6","v0.8.4-rc7","v0.8.5","v0.8.5-rc1","v0.8.5-rc2","v0.8.5-rc3","v0.8.6","v0.8.6-rc1","v0.8.6-rc2","v0.8.7","v0.8.7-rc1","v0.8.7-rc2","v0.8.7-rc3","v0.8.7-rc4","v0.8.7-rc5","v0.8.7-rc6","v0.8.7-rc7","v0.8.8","v0.8.8-rc1","v0.8.8-rc2","v0.8.9","v0.8.9-rc1","v0.8.9-rc2"],"database_specific":{"vanir_signatures":[{"target":{"file":"libsofia-sip-ua/tport/tport.c"},"source":"https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377","signature_type":"Line","id":"CVE-2022-47516-6838b271","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["137665327021306405935673177103996540739","222660642482478647502609743690131795640","126945473246565109207045912794547003621","75899966100980029990415126950327193709"]}},{"id":"CVE-2022-47516-9a251d5e","target":{"file":"src/controller.cpp"},"digest":{"threshold":0.9,"line_hashes":["332083738435093446771916377898312945208","255569788703833788770916166827643568470","165363004683784641494336107676070664102","153418132714500510589381506844718292084"]},"source":"https://github.com/drachtio/drachtio-server/commit/dd5946eb6525b1e11b3f6defda5725de4827cc71","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"target":{"function":"DrachtioController::initializeLogging","file":"src/controller.cpp"},"source":"https://github.com/drachtio/drachtio-server/commit/dd5946eb6525b1e11b3f6defda5725de4827cc71","digest":{"function_hash":"302820561589657871601387665499720260476","length":3405},"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-47516-b06b2c85"},{"signature_type":"Function","id":"CVE-2022-47516-b0dbb540","digest":{"function_hash":"9098198435050197295798369122218213473","length":3356},"target":{"function":"tport_tsend","file":"libsofia-sip-ua/tport/tport.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47516.json","vanir_signatures_modified":"2026-04-11T23:22:43Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}