CVE-2022-45474: n/a in n/a

Critical
Vulnerability: CVE-2022-45474 (tags: cve, cve-2022-45474)
Published: Fri Nov 18 2022 (11/18/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.

AI-Powered Analysis

AI analysis last updated: 06/22/2025, 13:09:05 UTC

Technical Analysis

CVE-2022-45474 is a critical use-after-free vulnerability identified in drachtio-server version 0.8.18, specifically within the request-handler.cpp file's event_cb function. A use-after-free (CWE-416) vulnerability occurs when a program continues to use a pointer after the memory it points to has been freed, potentially leading to arbitrary code execution, memory corruption, or application crashes. In this case, the vulnerability can be triggered by any request sent to the server, indicating that no authentication or special privileges are required to exploit it. The CVSS v3.1 base score of 9.8 reflects the high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and full impact on confidentiality, integrity, and availability (C:H/I:H/A:H). This means an attacker can remotely exploit the vulnerability without any user interaction or credentials, leading to complete compromise of the affected system. Although no official patch or vendor information is provided, the vulnerability is publicly disclosed and enriched by CISA, indicating recognition by cybersecurity authorities. There are no known exploits in the wild at the time of publication, but the critical nature and ease of exploitation make it a significant threat to any deployment of drachtio-server 0.8.18. Drachtio-server is an open-source SIP server framework used in VoIP communications, often integrated into telephony infrastructure and real-time communication platforms.

Potential Impact

For European organizations, the exploitation of CVE-2022-45474 could have severe consequences, especially for those relying on drachtio-server for their VoIP or real-time communication services. Successful exploitation could allow attackers to execute arbitrary code, disrupt telephony services, intercept or manipulate voice communications, and potentially pivot to other internal systems. This could lead to significant confidentiality breaches (e.g., interception of sensitive calls), integrity violations (e.g., call manipulation or fraud), and availability issues (e.g., denial of service on communication platforms). Critical sectors such as telecommunications providers, financial institutions using VoIP for secure communications, government agencies, and emergency services could face operational disruptions and data breaches. The lack of authentication and user interaction requirements increases the risk of automated or widespread exploitation attempts. Additionally, the vulnerability could be leveraged in targeted attacks or espionage campaigns, given the strategic importance of communication infrastructure in Europe.

Mitigation Recommendations

Given the absence of an official patch, European organizations should take immediate and specific mitigation steps:

1) Identify and inventory all instances of drachtio-server 0.8.18 within their networks, including embedded systems and telephony infrastructure.
2) Implement network-level protections such as firewall rules to restrict access to the drachtio-server ports only to trusted internal IP addresses and VPNs, minimizing exposure to untrusted networks.
3) Deploy intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics targeting anomalous SIP requests or known exploit patterns related to use-after-free conditions.
4) Consider temporarily disabling or isolating drachtio-server instances if they are not critical or if alternative communication platforms are available until a patch or update is released.
5) Monitor vendor channels, security advisories, and community forums for patches or mitigations and apply updates promptly once available.
6) Conduct thorough security assessments and penetration tests focusing on VoIP infrastructure to detect potential exploitation attempts.
7) Employ application-level sandboxing or containerization for drachtio-server to limit the blast radius in case of compromise.
8) Educate IT and security teams about this vulnerability to ensure rapid response to any suspicious activity.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-18T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983cc4522896dcbee90e

Added to database: 5/21/2025, 9:09:16 AM

Last enriched: 6/22/2025, 1:09:05 PM

Last updated: 8/15/2025, 7:33:42 AM
