CVE-2023-27601 – OpenSIPS has vulnerability in the codec_delete_XX() functions
https://notcve.org/view.php?id=CVE-2023-27601
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that is not terminated by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage-guided fuzzing on the function `codec_delete_except_re`.
• https://github.com/OpenSIPS/opensips/commit/8f87c7c03da55f9c79bd92e67fa2c94b2a7ce5cf
• https://github.com/OpenSIPS/opensips/security/advisories/GHSA-xj5x-g52f-548h
• https://opensips.org/docs/modules/3.3.x/sipmsgops.html
• https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
• CWE-20: Improper Input Validation
CVE-2023-27600 – OpenSIPS has vulnerability in the codec_delete_XX() functions
https://notcve.org/view.php?id=CVE-2023-27600
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that is not terminated by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage-guided fuzzing on the function `codec_delete_except_re`.
• https://github.com/OpenSIPS/opensips/commit/c6ab3bb406c447e30c7d33a1a8970048b4612100
• https://github.com/OpenSIPS/opensips/security/advisories/GHSA-67w7-g4j8-3wcx
• https://opensips.org/docs/modules/3.3.x/sipmsgops.html
• https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
• CWE-20: Improper Input Validation
CVE-2023-27599 – OpenSIPS has vulnerability in the parse_to_param() function
https://notcve.org/view.php?id=CVE-2023-27599
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`.
• https://github.com/OpenSIPS/opensips/commit/cb56694d290530ac308f44b453c18120b1c1109d
• https://github.com/OpenSIPS/opensips/security/advisories/GHSA-qvj2-vqrg-f5jx
• https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
• CWE-20: Improper Input Validation
CVE-2023-27598 – OpenSIPS has vulnerability in the parse_via() function
https://notcve.org/view.php?id=CVE-2023-27598
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible.
• https://github.com/OpenSIPS/opensips/commit/ab611f74f69d9c42be5401c40d56ea06a58f5dd7
• https://github.com/OpenSIPS/opensips/security/advisories/GHSA-wxfg-3gwh-rhvx
• https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
• CWE-908: Use of Uninitialized Resource
CVE-2023-27597 – OpenSIPS has vulnerability in the parse_uri() function
https://notcve.org/view.php?id=CVE-2023-27597
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in versions 3.1.8 and 3.2.5.
• https://github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3
• https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c
• CWE-20: Improper Input Validation