Skip to content

Vulnerability in the building the local negative replies

High
razvancrainea published GHSA-7pf3-24qg-8v9h Mar 15, 2023

Package

opensips (OpenSIPS Core)

Affected versions

<=3.2

Patched versions

3.1.7, 3.2.4

Description

A potential issue was found in msg_translator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function build_res_buf_from_sip_req but could not be reproduced against a running instance of OpenSIPS.

Impact

This issue could not be exploited against a running instance of OpenSIPS since no public function was
found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is
highly unlikely that this issue would lead to anything other than Denial of Service.

Patches

This issue has been fixed by commit 9cf3dd3.

References

Read more about this issue in the Audit Document section 3.9.

For more information

If you have any questions or comments about this advisory:

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID

CVE-2023-28095

Weaknesses

No CWEs

Credits