CVE-2023-27597

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-27597

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27597.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-27597

Related

GHSA-358f-935m-7p9c
UBUNTU-CVE-2023-27597

Published

2023-03-15T21:15:09Z

Modified

2025-01-15T04:49:04.012644Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewrite_ruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function setport. This issue has been fixed in version 3.1.8 and 3.2.5.

References

Affected packages

Git / github.com/opensips/opensips

Affected ranges

Type: GIT
Repo: https://github.com/opensips/opensips
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3

Fixed

b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3

Affected versions

1.*

1.11.0

2.*

2.1-alpha1

2.1-alpha2

2.1-alpha3

2.1-rc1

3.*

3.2.0

3.2.0-beta

3.2.0-rc1

3.2.1

3.2.2

3.2.3

3.2.4