Since FusionPBX/Freeswitch uses Sofia-sip, these security vulns caught my eye:
CVE rating is 5 to 7.5
My Debian 10 install had a vulnerable version 1.13.7 (lib-sofia-ua) and would not upgrade due to the Signalwire token authentication issues.
CVE-2022-31003 : Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil...
www.cvedetails.com
CVE-2022-31002 : Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a...
www.cvedetails.com
CVE-2022-31001 : Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) -...
www.cvedetails.com
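A way to check a Debian host against the 1.13.8 fix version named in the CVE entries above, as an added example that is not part of the original post. The package name `libsofia-sip-ua0` is an assumption (the post calls it lib-sofia-ua) and can be overridden through `PKG`.

```shell
#!/bin/sh
# Added example: compare a Sofia-SIP package version with 1.13.8, the
# release the CVE entries above name as fixed.
FIXED="1.13.8"
PKG="${PKG:-libsofia-sip-ua0}"   # assumed Debian package name; adjust as needed

# Reduce a Debian version ("1:1.13.7-1~buster") to its upstream part ("1.13.7").
upstream_version() {
    v=${1#*:}                        # drop an epoch, if any
    printf '%s\n' "${v%%[!0-9.]*}"   # cut at the first non-numeric character
}

# Return 0 when dotted version $1 is lower than $2, comparing field by field.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# 0 = older than the fix, 1 = fixed release or newer, 2 = version not parseable.
sofia_vulnerable() {
    up=$(upstream_version "$1")
    [ -n "$up" ] || return 2
    version_lt "$up" "$FIXED"
}

# Look up the installed package and report which side of the fix it is on.
check_installed() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg-query not found"; return 2; }
    ver=$(dpkg-query -W -f='${Version}' "$PKG" 2>/dev/null) ||
        { echo "$PKG is not installed"; return 2; }
    sofia_vulnerable "$ver"
    case $? in
        0) echo "$PKG $ver: older than $FIXED (CVE-2022-31001/31002/31003)" ;;
        1) echo "$PKG $ver: $FIXED or newer" ;;
        *) echo "$PKG: could not parse version '$ver'" ;;
    esac
}

check_installed || true
```

The comparison looks only at the upstream version number, so a distribution package that backports the fixes without changing that number would still be reported as older than 1.13.8.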