SB2023030814 - Denial of service in Drachtio Server
Published: March 8, 2023
Security Bulletin ID
SB2023030814
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Off-by-one (CVE-ID: CVE-2022-47517)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in url_canonize2() when processing UDP packets. A remote attacker can send a specially crafted UDP request to the server, trigger an off-by-one error and crash it.2) Out-of-bounds read (CVE-ID: CVE-2022-45909)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read when processing a long Request-URI in an INVITE request. A remote attacker can send a specially crafted request to the server and perform a denial of service attack.
Remediation
Install update from vendor's website.
References
- https://github.com/davehorton/sofia-sip/commit/22c1bd191f0acbf11f0c0fbea1845d9bf9dcd47e
- https://github.com/davehorton/sofia-sip/commit/bfc79d85c8f3a4798a3305fb98f5a11c11d0d29f
- https://github.com/drachtio/drachtio-server/issues/243
- https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490
- https://github.com/drachtio/drachtio-server/compare/v0.8.18...v0.8.19
- https://github.com/drachtio/drachtio-server/pull/238