CVE-2023-27597
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewrite_ruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function setport. This issue has been fixed in version 3.1.8 and 3.2.5.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenSIPS | opensips | < 3.1.8 | affected |
| OpenSIPS | opensips | >= 3.2.0, < 3.2.5 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c
- https://github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c
- https://github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.