CVE-2023-27597

Published: Mar 15, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in version 3.1.8 and 3.2.5.

Affected (2)

Products: Opensips: Opensips

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensips Opensips	Before 3.1.8
Opensips Opensips	From 3.2.0 to 3.2.5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c

Source: security-advisories@github.com

Third Party Advisory

https://github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.