CVE-2023-27598

2023-03-1521:15:09

CWE-908

[email protected]

web.nvd.nist.gov

opensips

sip server

cve-2023-27598

denial of service

segmentation fault

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

38.0%

JSON

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calc_tag_suffix is called. A specially crafted Via header, which is deemed correct by the parser, will pass uninitialized strings to the function MD5StringArray which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location 0x0, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as sl_send_reply or sl_gen_totag that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.

Affected configurations

Vulners

NVD

Node

opensipsopensipsRange<3.1.7

opensipsopensipsRange3.2.0–3.2.4

VendorProductVersionCPE
opensipsopensips*cpe:2.3:a:opensips:opensips:*:*:*:*:*:*:*:*
opensipsopensips*cpe:2.3:a:opensips:opensips:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensips	opensips	*	cpe:2.3:a:opensips:opensips::::::::
opensips	opensips	*	cpe:2.3:a:opensips:opensips::::::::

CNA Affected

[
  {
    "vendor": "OpenSIPS",
    "product": "opensips",
    "versions": [
      {
        "version": "< 3.1.7",
        "status": "affected"
      },
      {
        "version": ">= 3.2.0, < 3.2.4",
        "status": "affected"
      }
    ]
  }
]