CVE-2022-47517

HIGH

Drachtio-server < 0.8.19 - Denial of Service

Title source: rule

Description

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error.

References (3)

[Patch, Third Party Advisory] https://github.com/davehorton/sofia-sip/commit/22c1bd191f0acbf11f0c0fbea1845d9bf9dcd47e

View Patch ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/davehorton/sofia-sip/commit/bfc79d85c8f3a4798a3305fb98f5a11c11d0d29f

[Exploit, Third Party Advisory] https://github.com/drachtio/drachtio-server/issues/243

Scores

CVSS v3 7.5

EPSS 0.0098

EPSS Percentile 76.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-193

Status published

Products (1)

drachtio/drachtio-server < 0.8.19

Published Dec 18, 2022

Tracked Since Feb 18, 2026