PT-2023-21241 · Opensips · Opensis

Alfred Farrugia +1 · Published 2023-03-15 · Updated 2023-03-21 · CVE-2023-27600

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenSIPS versions prior to 3.1.7 and 3.2.4

Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. The issue arises when a malformed SDP body is received and processed by the delete_sdp_line function in the sipmsgops module. It can be reproduced by calling the function with an SDP body that does not terminate with a line feed (i.e., \n). The vulnerability was discovered through black-box fuzzing and coverage-guided fuzzing of the codec_delete_except_re function. The crash occurs because delete_sdp_line expects an SDP line to be terminated by a line feed (\n). An attacker can exploit this to crash the server in configurations that rely on the affected code, such as those that use codec_delete_except_re. Exploitation results in a Denial of Service due to an abort in the lumps processing function.

Recommendations

To resolve the issue, update to version 3.1.7 or 3.2.4, as these versions include the patch for this vulnerability. As a temporary workaround, consider restricting access to the delete_sdp_line function in the sipmsgops module until the update can be applied. Additionally, review configurations that contain functions relying on the affected code, such as codec_delete_except_re, to minimize the risk of exploitation.
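
The failure mode in the description, handled defensively: an added example (not OpenSIPS code and not the project's patch) of in-place SDP line removal that bounds every line search by the body length, so a final line with no \n ends at the end of the buffer. The function names sdp_line_end and sdp_delete_lines and the sample body are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not OpenSIPS code. Function names are hypothetical.
 * Returns the offset one past the SDP line starting at pos in body[0..len):
 * past its '\n' when there is one, otherwise len (unterminated last line).
 * The search never looks beyond len. */
static size_t sdp_line_end(const char *body, size_t len, size_t pos)
{
    const char *nl;

    if (pos >= len)
        return len;
    nl = memchr(body + pos, '\n', len - pos);
    return nl ? (size_t)(nl - body) + 1 : len;
}

/* Removes, in place, every line of body[0..len) that starts with prefix.
 * Returns the new body length. */
size_t sdp_delete_lines(char *body, size_t len, const char *prefix)
{
    size_t plen = strlen(prefix), rd = 0, wr = 0;

    while (rd < len) {
        size_t end = sdp_line_end(body, len, rd);
        size_t n = end - rd;

        if (n < plen || memcmp(body + rd, prefix, plen) != 0) {
            memmove(body + wr, body + rd, n);   /* keep this line */
            wr += n;
        }
        rd = end;
    }
    return wr;
}

int main(void)
{
    /* Constructed sample: the last line has no terminating line feed. */
    char body[] = "v=0\r\nm=audio 4000 RTP/AVP 0 8\r\na=rtpmap:0 PCMU/8000";
    size_t n = sdp_delete_lines(body, sizeof body - 1, "a=rtpmap:");

    printf("%zu bytes kept:\n%.*s", n, (int)n, body);
    return 0;
}
```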

Related Identifiers

CVE-2023-27600
GHSA-67W7-G4J8-3WCX

Affected Products

Opensis