Skip to content

Vulnerability in the parse_to_param() function

High
razvancrainea published GHSA-qvj2-vqrg-f5jx Mar 15, 2023

Package

opensips (OpenSIPS Core)

Affected versions

<=3.2

Patched versions

3.1.7, 3.2.4

Description

When the function append_hf handles a SIP message with a malformed To header, a call to the function abort() is performed resulting in a crash. This is due to the following check in data_lump.c:399 in the function anchor_lump.

The payload that crashes the server is:

OPTIONS sip:127.0.0.1 SIP/2.0<CRLF>
Via: SIP/2.0/UDP 192.168.1.223:59589;rport;branch=z9hG4bK-dnOo7rULZLiOjRDh<CRLF>
To: a;a="T\

Impact

An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function append_hf.

Patches

This issue has been fixed by commit cb56694.

References

Read more about this issue in the Audit Document section 3.8.

For more information

If you have any questions or comments about this advisory:

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID

CVE-2023-27599

Weaknesses

No CWEs

Credits