Linux Distros Unpatched Vulnerability : CVE-2023-28096

🗓️ 10 Sep 2025 00:00:00Reported by TenableType

OpenSIPS memory leak CVE-2023-28096 affects versions before 3.1.8 and 3.2.5.

Reporter	Title	Published	Views	Family All 11
CNNVD	OpenSIPS 安全漏洞	15 Mar 202300:00	–	cnnvd
CVE	CVE-2023-28096	15 Mar 202321:52	–	cve
Cvelist	CVE-2023-28096 OpenSIPS has memory leak in cJSON lib	15 Mar 202321:52	–	cvelist
EUVD	EUVD-2023-31821	3 Oct 202520:07	–	euvd
NVD	CVE-2023-28096	15 Mar 202322:15	–	nvd
OSV	CVE-2023-28096 OpenSIPS has memory leak in cJSON lib	15 Mar 202321:52	–	osv
OSV	UBUNTU-CVE-2023-28096	15 Mar 202322:15	–	osv
Prion	Memory corruption	15 Mar 202322:15	–	prion
RedhatCVE	CVE-2023-28096	23 May 202506:00	–	redhatcve
UbuntuCve	CVE-2023-28096	15 Mar 202322:15	–	ubuntucve

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2023-28096
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(262264);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/10");

  script_cve_id("CVE-2023-28096");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-28096");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3
    branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function
    `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending
    multiple requests of the form `{jsonrpc: 2.0,method: log_le`. This malformed message was tested
    against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption
    over time. To abuse this memory leak, attackers need to reach the management interface (MI) which
    typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet
    without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying
    system's availability. No authentication is typically required to reproduce this issue. On the other hand,
    memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON
    objects. The issue has been fixed in versions 3.1.8 and 3.2.5. (CVE-2023-28096)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2023-28096");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28096");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:opensips");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-18.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "opensips"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

10 Sep 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.14.5 - 7.5

EPSS0.00976

SSVC