Exploit Report

Computer Security And Bug Information

CVE-2023-27598

CVECVE-2023-27598
CVE Title
Published Date2023-03-15T21:15Z
Modified Date2023-03-21T19:14Z
CWE TypeCWE-908
CVSS 3.xCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
DescriptionOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://github.com/OpenSIPS/opensips/commit/ab611f74f69d9c42be5401c40d56ea06a58f5dd7
Reference DescriptionMISC https://github.com/OpenSIPS/opensips/commit/ab611f74f69d9c42be5401c40d56ea06a58f5dd7
Reference URLhttps://github.com/OpenSIPS/opensips/security/advisories/GHSA-wxfg-3gwh-rhvx
Reference DescriptionMISC https://github.com/OpenSIPS/opensips/security/advisories/GHSA-wxfg-3gwh-rhvx
Reference URLhttps://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
Reference DescriptionMISC https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
TagsPatch Third Party Advisory
Sources NIST MITRE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles