{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "22c1bd191f0acbf11f0c0fbea1845d9bf9dcd47e"
            },
            {
              "fixed": "bfc79d85c8f3a4798a3305fb98f5a11c11d0d29f"
            }
          ],
          "repo": "https://github.com/davehorton/sofia-sip",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "0.8.19"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2a1c9b87ef379c6b4fb1c8b8372fa99a0c5e594c"
            }
          ],
          "repo": "https://github.com/drachtio/drachtio-server",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error.",
  "id": "CVE-2022-47517",
  "modified": "2026-04-01T23:08:09.751309926Z",
  "published": "2022-12-18T05:15:11.300Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/davehorton/sofia-sip/commit/bfc79d85c8f3a4798a3305fb98f5a11c11d0d29f"
    },
    {
      "type": "FIX",
      "url": "https://github.com/davehorton/sofia-sip/commit/22c1bd191f0acbf11f0c0fbea1845d9bf9dcd47e"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/drachtio/drachtio-server/issues/243"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}