Home > Vulnerability Database > CVE-2023-28095

Mend.io Vulnerability Database

CVE-2023-28095

Good to know:

Date: March 15, 2023

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.

Language: C

Severity Score

7.5

Related Resources (5)

Url: https://github.com/OpenSIPS/opensips/commit/9cf3dd3398719dd91207495f76d7726701c5145c

Url: https://github.com/OpenSIPS/opensips/security/advisories/GHSA-7pf3-24qg-8v9h

Url: https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28095

Url: https://www.mend.io/vulnerability-database/CVE-2023-28095

Severity Score

7.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 3.1.7,3.2.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28095

Good to know:

Date: March 15, 2023

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?