CVE-2023-28097

Name of the Vulnerable Software and Affected Versions OpenSIPS versions prior to 3.1.9 and 3.2.6

Description OpenSIPS is a Session Initiation Protocol (SIP) server implementation. A malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the -m flag was allocated to OpenSIPS. The only workaround is to guarantee that the Content-Length value of input messages is never larger than 2147483647.

Recommendations For versions prior to 3.1.9, update to version 3.1.9 or later. For versions prior to 3.2.6, update to version 3.2.6 or later. As a temporary workaround, consider guaranteeing that the Content-Length value of input messages is never larger than 2147483647 until a patch is available.