CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28099 – OpenSIPS has vulnerability in the ds_is_in_list() function
https://notcve.org/view.php?id=CVE-2023-28099
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds. • https://github.com/OpenSIPS/opensips/commit/e2f13d374 https://github.com/OpenSIPS/opensips/issues/2780 https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28098 – OpenSIPS has vulnerability in the Digest Authentication Parser
https://notcve.org/view.php?id=CVE-2023-28098
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()` . This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. • https://github.com/OpenSIPS/opensips/commit/dd9141b6f67d7df4072f3430f628d4b73df5e102 https://github.com/OpenSIPS/opensips/security/advisories/GHSA-jrqg-vppj-hr2h https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28097 – OpenSIPS has vulnerability in the Content-Length Parser
https://notcve.org/view.php?id=CVE-2023-28097
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. • https://github.com/OpenSIPS/opensips/commit/7cab422e2fc648f910abba34f3f0dbb3ae171ff5 https://github.com/OpenSIPS/opensips/security/advisories/GHSA-c6j5-f4h4-2xrq https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28096 – OpenSIPS has memory leak in cJSON lib
https://notcve.org/view.php?id=CVE-2023-28096
OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying system’s availability. • https://github.com/OpenSIPS/opensips/commit/417568707520af25ec5c5dd91da18e6db3649dcb https://github.com/OpenSIPS/opensips/security/advisories/GHSA-2mg2-g46r-j4qr https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28095 – OpenSIPS has vulnerability in the building the local negative replies
https://notcve.org/view.php?id=CVE-2023-28095
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. • https://github.com/OpenSIPS/opensips/commit/9cf3dd3398719dd91207495f76d7726701c5145c https://github.com/OpenSIPS/opensips/security/advisories/GHSA-7pf3-24qg-8v9h https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf • CWE-20: Improper Input Validation •