CVE-2023-28095
OpenSIPS has a vulnerability in building the local negative replies
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.
*Credits:
N/A
Timeline
- 2023-03-10 CVE Reserved
- 2023-03-15 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-03 EPSS Updated
CWE
- CWE-20: Improper Input Validation
References (3)
URL | Tag | Date |
---|---|---|
https://github.com/OpenSIPS/opensips/security/advisories/GHSA-7pf3-24qg-8v9h | Third Party Advisory | |
https://github.com/OpenSIPS/opensips/commit/9cf3dd3398719dd91207495f76d7726701c5145c | | 2023-03-21 |
https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf | | 2023-03-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Opensips | Opensips | < 3.1.7 | - | Affected |
Opensips | Opensips | >= 3.2.0 < 3.2.4 | - | Affected |