CVE-2022-47517 in drachtio-server
Summary
by MITRE • 12/18/2022
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error.
Analysis
by VulDB Data Team • 04/18/2025
CVE-2022-47517 resides in the libsofia-sip library implementation used by drachtio-server. It is a critical heap-based buffer over-read that manifests when the server processes a specially crafted UDP message. The vulnerability affects versions of drachtio-server prior to 0.8.19, indicating that the flaw has existed for some time within the software supply chain and could potentially be exploited by malicious actors without detection.
The technical root cause of this vulnerability stems from an off-by-one error within the url_canonize2 function, which is responsible for canonicalizing SIP URLs during message processing. This type of error occurs when a program attempts to access memory beyond the allocated buffer boundaries, creating a condition where an attacker can manipulate the input data to trigger memory corruption. The heap-based nature of the buffer over-read means that the vulnerability affects dynamically allocated memory regions, making the exploitation more complex but potentially more severe than stack-based buffer overflows.
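An added illustration of the bug class described above, not code from drachtio-server or libsofia-sip: a length-bounded canonicalizer that refuses to read past the end of its input. The function name canonize_bounded, the %XX escape handling and the sample inputs are assumptions made for this example; the page does not say which read in url_canonize2 is off by one.

```c
#include <ctype.h>
#include <stddef.h>

/* Value of one hex digit; the caller has already checked isxdigit(). */
static int hexval(unsigned char c)
{
    return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/*
 * Hypothetical helper (not sofia-sip's url_canonize2): canonicalize %XX
 * escapes in src[0..n) into dst, which must hold at least n + 1 bytes.
 * Returns the output length, or -1 on a malformed or truncated escape.
 */
long canonize_bounded(char *dst, const char *src, size_t n)
{
    size_t i = 0, o = 0;

    while (i < n && src[i] != '\0') {
        unsigned char c = (unsigned char)src[i];
        if (c != '%') {
            dst[o++] = (char)c;
            i++;
            continue;
        }
        /*
         * An escape needs src[i+1] and src[i+2]. The off-by-one forms
         * "i + 1 < n" and "i + 2 <= n" both accept a '%' whose second
         * hex digit sits one byte past the buffer. i < n holds here, so
         * the subtraction below cannot wrap.
         */
        if (n - i < 3)
            return -1;
        unsigned char h1 = (unsigned char)src[i + 1];
        unsigned char h2 = (unsigned char)src[i + 2];
        if (!isxdigit(h1) || !isxdigit(h2))
            return -1;
        unsigned char v = (unsigned char)(hexval(h1) << 4 | hexval(h2));
        if (isalnum(v) || v == '-' || v == '.' || v == '_' || v == '~') {
            dst[o++] = (char)v;           /* unreserved: store decoded */
        } else {
            dst[o++] = '%';               /* keep escaped, upper-case hex */
            dst[o++] = (char)toupper(h1);
            dst[o++] = (char)toupper(h2);
        }
        i += 3;
    }
    dst[o] = '\0';
    return (long)o;
}
```

Building such a routine with AddressSanitizer and feeding it inputs that end in a partial escape is a quick way to confirm that no byte at or beyond src[n] is ever read.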
From an operational perspective, this vulnerability presents a significant denial of service risk to systems running affected versions of drachtio-server. When exploited, the crafted UDP message causes the daemon process to crash and terminate unexpectedly, leading to service disruption for all SIP-based communications handled by that server instance. The remote nature of the attack means that adversaries do not require local access or authentication to trigger the vulnerability, making it particularly dangerous in production environments where SIP servers handle critical communication infrastructure. The impact extends beyond simple service interruption as network reliability and communication continuity are compromised, potentially affecting VoIP services, unified communications platforms, and other SIP-dependent applications.
The vulnerability aligns with CWE-121, which describes heap-based buffer overflow conditions, and represents a classic example of memory safety issues in C/C++ based applications. From an attack framework perspective, this vulnerability maps to the ATT&CK technique T1499.004 for network denial of service attacks, where adversaries leverage software flaws to disrupt service availability. Organizations should prioritize patching affected systems to version 0.8.19 or later, implementing network segmentation to limit exposure, and monitoring for suspicious UDP traffic patterns that may indicate exploitation attempts. Additionally, implementing proper input validation and bounds checking mechanisms within the application code can help prevent similar issues from occurring in other components of the communication infrastructure.