Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-27598

Date: March 15, 2023

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed "Via" header to OpenSIPS triggers a segmentation fault when the function "calc_tag_suffix" is called. A specially crafted "Via" header, which is deemed correct by the parser, will pass uninitialized strings to the function "MD5StringArray" which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location "0x0", no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as "sl_send_reply" or "sl_gen_totag" that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.

Language: C

Severity Score

Related Resources (5)

https://github.com/OpenSIPS/opensips/commit/ab611f74f69d9c42be5401c40d56ea06a58f5dd7
https://nvd.nist.gov/vuln/detail/CVE-2023-27598
https://github.com/OpenSIPS/opensips/security/advisories/GHSA-wxfg-3gwh-rhvx
https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
https://www.mend.io/vulnerability-database/CVE-2023-27598

Severity Score

Weakness Type (CWE)

Use of Uninitialized Resource

CWE-908

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us