Home > Vulnerability Database > CVE-2023-27597

Mend.io Vulnerability Database

CVE-2023-27597

Date: March 15, 2023

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function "rewrite_ruri", a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function "setport". This issue has been fixed in version 3.1.8 and 3.2.5.

Language: C

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27597

Url: https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c

Url: https://github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3

Url: https://www.mend.io/vulnerability-database/CVE-2023-27597

Severity Score

7.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27597

Date: March 15, 2023

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?