PT-2023-21238 · Opensips · Opensis

Alfred Farrugia +1 · Published 2023-03-15 · Updated 2023-03-21 · CVE-2023-27598

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenSIPS versions prior to 3.1.7 and 3.2.4

Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calc_tag_suffix is called. A specially crafted Via header, which is deemed correct by the parser, will pass uninitialized strings to the function MD5StringArray, which leads to the crash. Abuse of this issue leads to Denial of Service due to a crash. Since the uninitialized string points to memory location 0x0, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as sl_send_reply or sl_gen_totag that trigger the vulnerable code.

Recommendations

For OpenSIPS versions prior to 3.1.7, update to version 3.1.7 or later. For OpenSIPS versions prior to 3.2.4, update to version 3.2.4 or later. As a temporary workaround, consider restricting the use of functions such as sl_send_reply or sl_gen_totag that trigger the vulnerable code until a patch is applied.
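
One way to check a deployment against this advisory, as an added example that is not part of the advisory or of OpenSIPS: the script tests a version string against the fixed releases and lists calls to sl_send_reply or sl_gen_totag in a routing script. The helper names, the sample routing script and the reading of "prior to 3.1.7" as covering every older branch are assumptions; it relies on sort -V.

```shell
#!/bin/sh
# Added example (not OpenSIPS project code): triage for CVE-2023-27598.

# Return 0 if version $1 sorts strictly before version $2 (uses sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Return 0 if version $1 is in the ranges the advisory names.
# Assumption: "prior to 3.1.7" covers every older release, and the 3.2
# branch is affected from 3.2.0 up to, but not including, 3.2.4.
is_affected_version() {
    case "$1" in
        3.2|3.2.*) ver_lt "$1" 3.2.4 ;;
        *)         ver_lt "$1" 3.1.7 ;;
    esac
}

# Print, with line numbers, each line of routing script $1 that calls a
# function the advisory names as reaching the vulnerable code. Text after
# "#" is dropped first, so commented-out calls are ignored (heuristic).
# Return 0 if at least one call was found.
find_trigger_calls() {
    sed 's/#.*$//' "$1" |
        grep -nE '(^|[^A-Za-z0-9_])(sl_send_reply|sl_gen_totag)[[:space:]]*\('
}

# Constructed sample routing script, for the demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
route {
    # sl_send_reply(404, "Not Found");
    if (!has_totag()) {
        sl_send_reply(100, "Trying");
    }
}
EOF

for v in 3.1.6 3.1.7 3.2.3 3.2.4; do
    if is_affected_version "$v"; then echo "$v: affected"; else echo "$v: fixed"; fi
done
if find_trigger_calls "$sample"; then
    echo "routing script calls a function that reaches the vulnerable code"
fi
rm -f "$sample"
```

A host needs attention when both checks are positive: the installed version is in an affected range and the routing script calls one of the named functions.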

Exploit

Fix

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

CVE-2023-27598
GHSA-WXFG-3GWH-RHVX

Affected Products

Opensis