CVE-2023-27598

Published: Mar 15, 2023

Modified: Feb 25, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.

Vendor	Product	Versions
OpenSIPS	opensips	affected `< 3.1.7` affected `>= 3.2.0, < 3.2.4`

Weaknesses (CWE)

CWE-908

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/OpenSIPS/opensips/security/advisories/GHSA-wxfg-3gwh-rhvx

x_refsource_CONFIRM

https://github.com/OpenSIPS/opensips/commit/ab611f74f69d9c42be5401c40d56ea06a58f5dd7

x_refsource_MISC

https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-27598

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References