Description
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490
Patch, Third Party Advisory
https://github.com/drachtio/drachtio-server/compare/v0.8.18...v0.8.19
Third Party Advisory
https://github.com/drachtio/drachtio-server/pull/238
Scores
CVSS v3
9.1
EPSS
0.0053
EPSS Percentile
67.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (1)
drachtio/drachtio-server
< 0.8.19
Published
Nov 26, 2022
Tracked Since
Feb 18, 2026