PT-2023-21237 · Opensips · Opensis

Alfredfarrugia +1 · Published 2023-03-15 · Updated 2023-03-21

CVE-2023-27597

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenSIPS versions prior to 3.1.8 and 3.2.5

Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. When a specially crafted SIP message is processed by the function rewrite_ruri, a segmentation fault occurs and the server crashes. This issue affects configurations containing functions that make use of the affected code, such as the function setport.

Recommendations

For versions prior to 3.1.8, update to version 3.1.8 or later. For versions prior to 3.2.5, update to version 3.2.5 or later. As a temporary workaround, consider disabling the rewrite_ruri function until a patch is available. Restrict access to configurations containing functions that make use of the affected code, such as the function setport, to minimize the risk of exploitation.

Related Identifiers

CVE-2023-27597
GHSA-358F-935M-7P9C

Affected Products

Opensis