Exploit Report

Computer Security And Bug Information


CVE Title
Published Date: 2023-03-15T21:15Z
Modified Date: 2023-03-21T19:13Z
CWE Type: NVD-CWE-noinfo
Description: OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.
Reference URL: https://github.com/OpenSIPS/opensips/security/advisories/GHSA-qvj2-vqrg-f5jx
Reference Description: MISC https://github.com/OpenSIPS/opensips/security/advisories/GHSA-qvj2-vqrg-f5jx
Reference URL: https://github.com/OpenSIPS/opensips/commit/cb56694d290530ac308f44b453c18120b1c1109d
Reference Description: MISC https://github.com/OpenSIPS/opensips/commit/cb56694d290530ac308f44b453c18120b1c1109d
Reference URL: https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
Reference Description: MISC https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
Tags: Third Party Advisory
