Vulnerabilities in sofia-sip - CVE-2022-31001 A crafted SDP message can cause an out-of-bounds access resulting in a program crash. - CVE-2022-31002 Another crafted SDP message can cause a crash, specifically when an SDP URL ends with a % sign. - CVE-2022-31003 An SDP message with a crafted "rest = record + 2" line can lead to out-of-bounds memory writing or potentially remote code execution. Affected Software - sofia-sip Version: 1.12.11+20110422.1-2.1+deb10u1 Resolution - Fixed in Debian 10 Buster version 1.12.11+20110422.1-2.1+deb10u1. Users are recommended to upgrade their sofia-sip packages. Security Tracker - Detailed security information: sofia-sip security tracker Debian LTS Disclaimer - Additional Debian LTS security advisory information, updates, and FAQs can be found at: Debian LTS wiki