24 matches found
CVE-2026-25554
OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
EUVD-2023-31824
Malicious code in bioql PyPI...
EUVD-2023-31335
Malicious code in bioql PyPI...
EUVD-2023-31339
Malicious code in bioql PyPI...
EUVD-2023-31337
Malicious code in bioql PyPI...
EUVD-2023-31338
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-27596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent...
Linux Distros Unpatched Vulnerability : CVE-2023-28099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if ds_is_in_list() is used with an invalid IP address string...
CVE-2023-28099
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if ds_is_in_list() is used with an invalid IP address string (NULL is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All user...
CVE-2023-28097
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...
CVE-2023-27597
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewrite_ruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations...
CVE-2023-27598
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calc_tag_suffix is called. A specially crafted Via header, which is deemed correct by the parser, will...
CVE-2023-28099 OpenSIPS has vulnerability in the ds_is_in_list() function
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if ds_is_in_list() is used with an invalid IP address string (NULL is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All user...
CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parse_param_name(). This issue was discovered while performing coverag...
CVE-2023-28095 OpenSIPS has vulnerability in the building the local negative replies
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msg_translator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function build_res_buf_from_sip_req but could not be reproduced against a...
CVE-2023-27601 OpenSIPS has vulnerability in the codec_delete_XX() functions
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the delete_sdp_line function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
CVE-2023-27600 OpenSIPS has vulnerability in the codec_delete_XX() functions
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the delete_sdp_line function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
CVE-2023-27599 OpenSIPS has vulnerability in the parse_to_param() function
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function append_hf handles a SIP message with a malformed To header, a call to the function abort() is performed, resulting in a crash. This is due to the following check in data_lump.c:39...
CVE-2023-27598 OpenSIPS has vulnerability in the parse_via() function
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calc_tag_suffix is called. A specially crafted Via header, which is deemed correct by the parser, will...
CVE-2023-27597 OpenSIPS has vulnerability in the parse_uri() function
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewrite_ruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations...