167 matches found
CVE-2023-27601
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
UBUNTU-CVE-2023-28095
OpenSIPS is a Session Initiation Protocol SIP server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msgtranslator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function buildresbuffromsipreq but could not be reproduced against a...
UBUNTU-CVE-2023-27601
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
UBUNTU-CVE-2023-27600
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
UBUNTU-CVE-2023-28096
OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...
CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...
CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...
CVE-2023-28098
CVE-2023-28098 affects OpenSIPS before versions 3.1.7 and 3.2.4. A specially crafted Authorization header triggers a bug in parse_param_name() (invoked during parse_msg) that can lead to a crash or erratic behavior, with the fault traced to q_memchr() via parse_param_name(). The issue may impact ...
CVE-2023-28097 OpenSIPS has vulnerability in the Content-Length Parser
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...
CVE-2023-28097
OpenSIPS (SIP server) is vulnerable prior to versions 3.1.9 and 3.2.6 due to a parsing flaw in Content-Length that can trigger a segmentation fault when processing a malformed SIP request with a very large Content-Length value, especially when a large shared memory segment (e.g., 2362 or more) is...
CVE-2023-28097 OpenSIPS has vulnerability in the Content-Length Parser
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...
CVE-2023-28097 OpenSIPS has vulnerability in the Content-Length Parser
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...
CVE-2023-28096
OpenSIPS vulnerability CVE-2023-28096 involves a memory leak in the OpenSIPS 2.3 branch and older than 3.1.8 and 3.2.5 caused by parsing requests (notably via the MI - management interface). The leak was detected in parse_mi_request under fuzzing and can lead to memory exhaustion if the MI is exp...
CVE-2023-28096 OpenSIPS has memory leak in cJSON lib
OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...
CVE-2023-28096 OpenSIPS has memory leak in cJSON lib
OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...
CVE-2023-28096 OpenSIPS has memory leak in cJSON lib
OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...
CVE-2023-28095 OpenSIPS has vulnerability in the building the local negative replies
OpenSIPS is a Session Initiation Protocol SIP server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msgtranslator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function buildresbuffromsipreq but could not be reproduced against a...
CVE-2023-28095 OpenSIPS has vulnerability in the building the local negative replies
OpenSIPS is a Session Initiation Protocol SIP server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msgtranslator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function buildresbuffromsipreq but could not be reproduced against a...
CVE-2023-28095 OpenSIPS has vulnerability in the building the local negative replies
OpenSIPS is a Session Initiation Protocol SIP server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msgtranslator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function buildresbuffromsipreq but could not be reproduced against a...
CVE-2023-28095
OpenSIPS (SIP server) versions prior to 3.1.7 and 3.2.4 contain a potential issue in msg_translator.c:2628, stemming from fuzzing build_res_buf_from_sip_req. The issue could lead to a server crash and is described as not exploitable against a running instance due to lack of public vectors; if exp...