CVE-2022-47516

CVSS V2 None CVSS V3 None
Description
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.
Overview
  • CVE ID
  • CVE-2022-47516
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2022-12-18T05:15:11
  • Last Modified Date
  • 2023-02-23T00:15:11
Weakness Enumerations
CWE URL
CWE-617 http://cwe.mitre.org/data/definitions/617.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:drachtio:drachtio-server:*:*:*:*:*:*:*:* 1 OR 0.8.20
References
Reference URL Reference Tags
https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377 Patch Third Party Advisory
https://github.com/drachtio/drachtio-server/issues/244 Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-47516
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47516
History
Created Old Value New Value Data Type Notes
2022-12-18 09:32:00 Added to TrackCVE
2022-12-19 03:15:39 2022-12-18T05:15:11.200 2022-12-18T05:15:11 CVE Published Date updated
2022-12-19 03:15:39 2022-12-19T02:27:34 CVE Modified Date updated
2022-12-19 03:15:39 Received Awaiting Analysis Vulnerability Status updated
2022-12-21 07:03:05 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-22 15:15:30 2022-12-22T14:33:30 CVE Modified Date updated
2022-12-22 15:15:30 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-22 15:15:31 Weakness Enumeration new
2022-12-22 15:15:32 CPE Information updated
2023-02-23 01:18:21 2023-02-23T00:15:11 CVE Modified Date updated
2023-02-23 01:18:21 Analyzed Modified Vulnerability Status updated
2023-02-23 01:18:22 References updated