CVE-2022-31003

9.1 CRITICAL

📋 TL;DR

CVE-2022-31003 is a heap-based buffer overflow in the Sofia-SIP library's SDP parsing that allows out-of-bounds memory writes. Attackers can send malicious SDP messages to trigger crashes or potentially achieve remote code execution. This affects any system using vulnerable versions of Sofia-SIP, particularly FreeSWITCH deployments.

💻 Affected Systems

Products:
  • Sofia-SIP library
  • FreeSWITCH
  • Applications using Sofia-SIP
Versions: All versions prior to 1.13.8
Operating Systems: Linux, Unix-like systems, Windows (if compiled with Sofia-SIP)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system processing SIP/SDP messages with vulnerable Sofia-SIP library is affected

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise and attacker persistence

🟠 Likely Case: Service crash causing denial of service and potential data loss

🟢 If Mitigated: Limited to denial of service if memory protections (ASLR, DEP) are effective

🌐 Internet-Facing: HIGH - SIP services are often internet-exposed and accept unauthenticated messages
🏢 Internal Only: MEDIUM - Internal SIP services could still be targeted via lateral movement

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires sending specially crafted SDP messages; public advisories include technical details

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.13.8

Vendor Advisory: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp

Restart Required: Yes

Instructions:

1. Update Sofia-SIP to version 1.13.8 or later.
2. Recompile any applications using the library.
3. Restart affected services.

🔧 Temporary Workarounds

SDP Message Filtering

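Platform: Linux

Filter or block SDP messages at the network perimeter or at the application level. The rules below drop every packet to port 5060 that contains the string "v=", which every SDP body does, so legitimate SIP messages carrying SDP are dropped as well while the rules are in place.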

iptables -A INPUT -p udp --dport 5060 -m string --string "v=" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 5060 -m string --string "v=" --algo bm -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SIP services
  • Deploy WAF or IPS with rules to detect and block malicious SDP patterns

🔍 How to Verify

Check if Vulnerable:

Check Sofia-SIP library version: ldd /path/to/application | grep sofia; then check version in headers or via package manager

Check Version:

dpkg -l | grep sofia-sip || rpm -qa | grep sofia-sip || sofia-sip-config --version

Verify Fix Applied:

Verify version is 1.13.8 or higher: sofia-sip-config --version
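
A version check for the verification steps above, added here as an example and not taken from the advisory or the Sofia-SIP project. The function names are hypothetical; the input is assumed to be a version string as printed by the package manager, and fields are compared numerically so that 1.13.10 is not mistaken for older than 1.13.8.

```shell
#!/bin/sh
# Added example: classify a Sofia-SIP version string against the fixed release.
FIXED="1.13.8"   # patch version stated on this page

# upstream_version: strip an epoch and any distro suffix,
# e.g. "1:1.13.7-2ubuntu1" -> "1.13.7" (sample strings are constructed).
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[-+~].*$//'
}

# version_ge A B: succeed when dotted version A >= B.
# Each field is compared as a number; missing fields count as 0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# sofia_status VERSION: print "patched", "vulnerable" or "unknown".
# "vulnerable" means "upstream version older than 1.13.8"; a distribution
# package may carry a backported fix under an older number, so confirm
# such a result against the package changelog.
sofia_status() {
    v=$(upstream_version "$1")
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    if version_ge "$v" "$FIXED"; then echo patched; else echo vulnerable; fi
}

# Stand-alone use: ./check.sh 1.13.7
if [ "$#" -gt 0 ]; then sofia_status "$1"; fi
```

Pass it the version column from the package-manager command above; anything that is not a plain dotted version is reported as unknown rather than guessed.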

📡 Detection & Monitoring

Log Indicators:

  • SIP service crashes
  • Memory access violation errors
  • Abnormal SDP parsing errors

Network Indicators:

  • Malformed SDP messages with unusual line structures
  • Multiple connection attempts with varying SDP content

SIEM Query:

source="sip_logs" AND (error="segmentation fault" OR error="memory violation" OR message="SDP parse error")
