CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.001 Low
Percentile: 38.0%
OpenSIPS is a Session Initiation Protocol (SIP) server implementation.
Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to
OpenSIPS triggers a segmentation fault when the function calc_tag_suffix
is called. A specially crafted Via header, which is deemed correct by the
parser, will pass uninitialized strings to the function MD5StringArray,
which leads to the crash. Abuse of this vulnerability leads to Denial of
Service due to a crash. Since the uninitialized string points to memory
location 0x0, no further exploitation appears to be possible. No special
network privileges are required to perform this attack, as long as the
OpenSIPS configuration makes use of functions such as sl_send_reply or
sl_gen_totag that trigger the vulnerable code. This issue has been fixed
in versions 3.1.7 and 3.2.4.
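An exposure check built from the two conditions above (a release older than the fixed versions, and a routing script that calls one of the named functions). This is an added example, not code from OpenSIPS or from the advisory. The function names `is_affected_version`, `trigger_calls` and `assess`, the comment-stripping heuristic, and the sample script are assumptions made for illustration. The advisory says "functions such as", so the trigger list may not be exhaustive.

```python
import re

# Fixed releases named in the advisory text, keyed by (major, minor) branch.
FIXED = {(3, 1): 7, (3, 2): 4}
# Script functions the advisory names as reaching the vulnerable code.
TRIGGERS = ("sl_send_reply", "sl_gen_totag")

def is_affected_version(version):
    """True if an OpenSIPS version string predates the fixed releases."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    # Assumption: branches older than 3.1 never received the fix and
    # branches newer than 3.2 already contain it.
    return (major, minor) < (3, 1)

def strip_comments(cfg):
    """Heuristic: drop /* ... */ blocks and '#' line comments."""
    cfg = re.sub(r"/\*.*?\*/", "", cfg, flags=re.S)
    return "\n".join(line.split("#", 1)[0] for line in cfg.splitlines())

def trigger_calls(cfg):
    """Sorted names of trigger functions called outside comments."""
    live = strip_comments(cfg)
    return sorted(f for f in TRIGGERS if re.search(rf"\b{f}\s*\(", live))

def assess(version, cfg):
    affected = is_affected_version(version)
    calls = trigger_calls(cfg)
    return {"affected_version": affected, "trigger_calls": calls,
            "exposed": affected and bool(calls)}

# Constructed sample routing script, not taken from any real deployment.
SAMPLE_CFG = """
route {
    # sl_gen_totag() is commented out here
    if (!has_totag()) {
        sl_send_reply(100, "Trying");
    }
    /* sl_gen_totag(); */
}
"""

if __name__ == "__main__":
    print(assess("3.2.3", SAMPLE_CFG))
```

A result with `exposed` set to true means the host should be upgraded to 3.1.7 or 3.2.4; an empty `trigger_calls` list on an affected version still warrants upgrading, since the scan only covers the two functions named here.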
github.com/OpenSIPS/opensips/commit/ab611f74f69d9c42be5401c40d56ea06a58f5dd7
github.com/OpenSIPS/opensips/security/advisories/GHSA-wxfg-3gwh-rhvx
launchpad.net/bugs/cve/CVE-2023-27598
nvd.nist.gov/vuln/detail/CVE-2023-27598
opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
security-tracker.debian.org/tracker/CVE-2023-27598
www.cve.org/CVERecord?id=CVE-2023-27598