Vulnerabilities > Signalwire > Sofia SIP > 1.13.3

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-32307 Heap-based Buffer Overflow vulnerability in multiple products
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets.
network
low complexity
signalwire debian CWE-122
7.5
7.5
2023-01-19 CVE-2023-22741 Classic Buffer Overflow vulnerability in Signalwire Sofia-Sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.
network
low complexity
signalwire CWE-120
critical
 9.8
9.8
2022-05-31 CVE-2022-31001 Out-of-bounds Read vulnerability in multiple products
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.
network
low complexity
signalwire debian CWE-125
7.5
7.5
2022-05-31 CVE-2022-31003 Heap-based Buffer Overflow vulnerability in multiple products
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.
network
low complexity
signalwire debian CWE-122
critical
 9.8
9.8
2022-05-31 CVE-2022-31002 Out-of-bounds Read vulnerability in multiple products
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.
network
low complexity
signalwire debian CWE-125
7.5
7.5