Vulnerabilities > Signalwire
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-26 | CVE-2023-32307 | Heap-based Buffer Overflow vulnerability in multiple products Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. | 7.5 |
| 2023-01-19 | CVE-2023-22741 | Classic Buffer Overflow vulnerability in Signalwire Sofia-Sip Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. | 9.8 |
| 2022-05-31 | CVE-2022-31001 | Out-of-bounds Read vulnerability in multiple products Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 7.5 |
| 2022-05-31 | CVE-2022-31003 | Heap-based Buffer Overflow vulnerability in multiple products Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 9.8 |
| 2022-05-31 | CVE-2022-31002 | Out-of-bounds Read vulnerability in multiple products Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 7.5 |
| 2021-10-18 | CVE-2021-36513 | Missing Initialization of Resource vulnerability in Signalwire Freeswitch An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value. | 5.0 |