Opensips Security Vulnerabilities
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the delete_sdp_line function in the sipmsgops module. This issue can be reproduced by calling the function with an...
7.5CVSS
7.3AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parse_param_name() . This issue was discovered while performing...
7.5CVSS
7.4AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if ds_is_in_list() is used with an invalid IP address string (NULL is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a...
7.5CVSS
7.4AI Score
0.001EPSS
OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parse_mi_request while performing coverage-guided fuzzing. This issue can be reproduced by sending...
7.5CVSS
7.5AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the delete_sdp_line function in the sipmsgops module. This issue can be reproduced by calling the function with an...
7.5CVSS
7.2AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewrite_ruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations...
7.5CVSS
7.4AI Score
0.002EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calc_tag_suffix is called. A specially crafted Via header, which is deemed correct by the parser,...
7.5CVSS
7.4AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the stream_process function. This issue was discovered during coverage guided...
7.5CVSS
7.4AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared...
7.5CVSS
7.2AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msg_translator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function build_res_buf_from_sip_req but could not be reproduced...
7.5CVSS
7.4AI Score
0.001EPSS
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function append_hf handles a SIP message with a malformed To header, a call to the function abort() is performed, resulting in a crash. This is due to the following check in...
7.5CVSS
7.4AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS