{"uuid": "4456c4fc-375b-415b-8a9e-35c389b5a0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27598", "type": "seen", "source": "https://t.me/cibsecurity/60091", "content": "\u203c CVE-2023-27598 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:09.000000Z"}