PT-2023-21239 · Opensips · Opensis

Alfred Farrugia +1 · Published 2023-03-15 · Updated 2023-03-21 · CVE-2023-27599

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: OpenSIPS versions prior to 3.1.7 and 3.2.4

Description: OpenSIPS is a Session Initiation Protocol (SIP) server implementation. When the function append_hf handles a SIP message with a malformed To header, a call to the function abort() is performed, resulting in a crash. This is due to the check in data_lump.c:399 in the function anchor_lump. An attacker abusing this issue will crash OpenSIPS, leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function append_hf.

Recommendations: For versions prior to 3.1.7, update to version 3.1.7 or later. For versions prior to 3.2.4, update to version 3.2.4 or later. As a temporary workaround, consider disabling the append_hf function until a patch is available.
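
A triage check for the exposure condition described above (a vulnerable version combined with a configuration that calls append_hf). This is an added example, not code from the advisory or from OpenSIPS. It assumes 3.2.x releases are compared against 3.2.4 and every other release against 3.1.7, that "#" starts a comment in the configuration, and it uses a constructed sample configuration.

```python
import re

# Fixed releases named in the advisory: 3.1.7 and 3.2.4.
FIXED = {(3, 2): (3, 2, 4)}   # 3.2.x branch is fixed in 3.2.4
FIXED_DEFAULT = (3, 1, 7)     # assumption: all other versions compare to 3.1.7

# Function named in the advisory. The advisory says "such as", so this
# list is not exhaustive.
AFFECTED_CALLS = ("append_hf",)

def parse_version(text):
    """Return (major, minor, patch) from a string such as '3.2.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_vulnerable_version(text):
    v = parse_version(text)
    return v < FIXED.get(v[:2], FIXED_DEFAULT)

def find_affected_calls(cfg_text):
    """Return [(line_no, line)] for uncommented calls to affected functions."""
    hits = []
    for no, line in enumerate(cfg_text.splitlines(), 1):
        code = line.split("#", 1)[0]   # simplification: '#' starts a comment
        if any(re.search(rf"\b{name}\s*\(", code) for name in AFFECTED_CALLS):
            hits.append((no, line.strip()))
    return hits

def triage(version_text, cfg_text):
    vuln = is_vulnerable_version(version_text)
    calls = find_affected_calls(cfg_text)
    if vuln and calls:
        return "exposed", calls
    if vuln:
        return "vulnerable version, no listed call found", calls
    return "fixed version", calls

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CFG = '''route {
    # append_hf("X-Old: 1\\r\\n");
    append_hf("X-Trace: edge\\r\\n");
    t_relay();
}
'''

if __name__ == "__main__":
    print(triage("3.2.3", SAMPLE_CFG))
```

A "no listed call found" result does not clear a vulnerable version, since other functions may reach the same code path.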

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2023-27599
GHSA-QVJ2-VQRG-F5JX

Affected Products

Opensis