PT-2023-21242 · Opensips · Opensis

Alfred Farrugia +1 · Published 2023-03-15 · Updated 2023-03-21 · CVE-2023-27601

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenSIPS versions prior to 3.1.7 and 3.2.4

Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. The issue arises when a malformed SDP body is received and processed by the delete_sdp_line function in the sipmsgops module. It can be reproduced by calling the function with an SDP body that does not terminate with a line feed (i.e., \n). The vulnerability was discovered through black-box fuzzing and coverage-guided fuzzing on the codec_delete_except_re function. The crash occurs because the delete_sdp_line function expects an SDP line to be terminated by a line feed (\n). An attacker can exploit this to crash the server, affecting configurations that rely on the affected code, such as the codec_delete_except_re function. Exploitation results in a Denial of Service due to an abort in the lumps processing function.
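
The bug class described above, as an added example that is not OpenSIPS code: a line-deletion routine that bounds its end-of-line search by the body length, so a final SDP line with no line feed is handled instead of being scanned past. The names sdp_line_end and sdp_drop_lines and the sample body are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: one past the end of the line starting at p.
 * The search is bounded by `end`, so a final line with no '\n'
 * simply ends at the end of the body instead of being scanned past. */
static const char *sdp_line_end(const char *p, const char *end)
{
    const char *nl = memchr(p, '\n', (size_t)(end - p));
    return nl ? nl + 1 : end;
}

/* Hypothetical helper: copy body into out, dropping every line that
 * starts with prefix. Returns bytes written, or -1 if out is too small. */
long sdp_drop_lines(const char *body, size_t len, const char *prefix,
                    char *out, size_t cap)
{
    const char *p = body, *end = body + len;
    size_t plen = strlen(prefix), w = 0;

    while (p < end) {
        const char *next = sdp_line_end(p, end);
        size_t n = (size_t)(next - p);
        int drop = n >= plen && memcmp(p, prefix, plen) == 0;

        if (!drop) {
            if (n > cap - w)        /* never write past the output buffer */
                return -1;
            memcpy(out + w, p, n);
            w += n;
        }
        p = next;
    }
    return (long)w;
}

int main(void)
{
    /* Constructed sample: the last SDP line has no trailing "\r\n". */
    const char body[] = "v=0\r\nm=audio 4000 RTP/AVP 0\r\na=rtpmap:0 PCMU/8000";
    char out[128];
    long n = sdp_drop_lines(body, sizeof body - 1, "a=rtpmap:0", out, sizeof out);

    printf("kept %ld of %zu bytes\n", n, sizeof body - 1);
    return n < 0;
}
```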

Recommendations

To resolve the issue, update to version 3.1.7 or 3.2.4, as these versions have fixed the issue. As a temporary workaround, consider restricting the use of the delete_sdp_line function in the sipmsgops module until a patch is available. Avoid using configurations that rely on the affected code, such as the codec_delete_except_re function, until the issue is resolved.

Related Identifiers

CVE-2023-27601
GHSA-XJ5X-G52F-548H

Affected Products

Opensis