CVE-2023-28095

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28095
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28095.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28095
Downstream
Related
  • GHSA-7pf3-24qg-8v9h
Published
2023-03-15T22:15:10Z
Modified
2025-10-10T04:29:46.085909Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msg_translator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function build_res_buf_from_sip_req but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.

References

Affected packages

Git / github.com/opensips/opensips

Affected ranges

Type
GIT
Repo
https://github.com/opensips/opensips
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9cf3dd3398719dd91207495f76d7726701c5145c

Affected versions

1.*

1.11.0

2.*

2.1-alpha1
2.1-alpha2
2.1-alpha3
2.1-rc1

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-28095-235fdec8",
            "digest": {
                "length": 6265.0,
                "function_hash": "164327762155485504597789845873809171152"
            },
            "signature_version": "v1",
            "target": {
                "function": "build_res_buf_from_sip_req",
                "file": "msg_translator.c"
            },
            "source": "https://github.com/opensips/opensips/commit/9cf3dd3398719dd91207495f76d7726701c5145c",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2023-28095-7048d9e8",
            "digest": {
                "line_hashes": [
                    "183745292558010935756578685329216056440",
                    "89152428422074969260936116989032673430",
                    "154266952315270027373778701572624777983",
                    "106357428080462658141317320634808646213",
                    "338175426793858169481241328967035641515",
                    "196340786867069280947942846056608777298",
                    "256057741716506707242530853434281963999",
                    "229629135888601930019939866463737444129",
                    "159343536154157632186098831808616407290",
                    "205022826425681429758271100621733342355",
                    "29600618684165342457720527274538670740",
                    "121224430079838856627360708488059766957",
                    "312569396573225124526415144688639490129",
                    "106661840216547093590351876374050591759",
                    "131493753331531017322372981937307508781",
                    "93762395660342088943063623916535473023",
                    "247793498068408145990572256154665128633",
                    "187053955270206513389585961047500780866",
                    "294751521579686736190442723774558933909",
                    "236942596432518590384529763296850842819",
                    "170613700947275302310766942470502114871",
                    "156113778800533558493882087841097309181",
                    "9241116760497988774768105399396830762",
                    "202839814687530510430619314457312223143",
                    "73483152928275030544421459026523912177",
                    "92290404273351772373002629965651375628",
                    "255103427064356949994733860384697497962",
                    "268731699292290785403597240122060149522",
                    "292035165656377418396404381034429952795",
                    "230060981538858660239013768978196652799",
                    "185001989735275705690668069919075168986",
                    "273105709608729632356987049051057804932",
                    "290714681739793821926143330526341582514",
                    "114157917128987570985150298448329197566",
                    "295041373749900351519860586107271500554",
                    "128264369997051865537376371671356253961",
                    "287162918492433354006767670272936577691",
                    "153336860847881224496034457638172771468",
                    "243505460080401308760045343585577520526",
                    "335760019071269951241882408044434216915",
                    "179070853638018043478319899975605702123",
                    "70591084632626984049382830707955120659",
                    "189090671139897868472789721666058027284",
                    "30394797966336158391308515922971666471",
                    "200711548494800260220208587619739339076",
                    "252592808921079241306719183695197222899",
                    "188908719523985207062617686392016579956",
                    "87259934783664047206856435365088526713",
                    "303602718194065662240865952131802310237",
                    "303854202792082820776258690407479066439",
                    "286062592141667810441985636920138856862",
                    "242873978915738293279600719159428817638",
                    "312135066639430631863349458158412821485",
                    "89025264728378899357353720687007697547",
                    "305025461648751246093970504252664190627",
                    "65999931445847637348553237355759958537",
                    "280490831709594055316994737870874952408",
                    "321151782197398265359212049996095747000",
                    "259531844180283559240236705961634167730",
                    "173636282561391497810883794201025255905",
                    "200748687016923435788834727767902230561",
                    "219459707999159936441170200283557868579",
                    "13958222826858759459895141829979771605",
                    "190916111268577980684591339672566750335",
                    "261661427983830915530118248319392643560",
                    "96633747321961619132083925895969928729",
                    "49926225890359358935979550800424026295",
                    "190916111268577980684591339672566750335",
                    "147997441917281382114413775240149206660",
                    "151878280472081238218653642970889215290",
                    "47552779707814845140247635050308487263",
                    "294193000252915061903723883374790793947",
                    "279490373807546651805378272111562753305",
                    "158951024042716061683560766934055118739",
                    "240063349614350677721683235699448101422",
                    "212931425234635270819943774396786640430",
                    "97650020969756418688365471867623204565",
                    "251597902551227629658417569488385722982",
                    "269288048608507950754702509626711021000",
                    "266722629425860995550335232125778977115",
                    "178798436396474939012253079878174537766",
                    "229899073048868669669655909506024132992",
                    "77764264155338184453383121886025312664",
                    "178875615366978945409222705303772171811",
                    "172952756358519119730210793287352591528",
                    "60374742407636152906883340684940288567",
                    "330296425694586335675109908910569426451",
                    "159013899756273279479326445371367065856",
                    "310457502385086915521482983996817965453",
                    "81353001380922398610748971913827444255",
                    "23186939595099900172772625236391617003",
                    "149484680133626080968580339660466657924",
                    "128369395178033969265301384351134662604",
                    "282914532326986852112214593389755120721",
                    "168014951792425135597959272770068720142",
                    "191355069665373271869276335439525696001",
                    "281130494877076891434880666037554270669",
                    "318616521362790916287549473515519860611",
                    "35133139480165960009040363322243446759",
                    "167178753099118690791416915960008147631",
                    "208319240900953008469774822578928834333",
                    "115015437040411695576397700141861173566",
                    "127211227926484139504718507630080005201",
                    "155830759801014574799597261457300989257",
                    "325212406190355983614692325606478271745",
                    "285347722427055230687916106226076357341",
                    "273387436127725863337677652334118146151",
                    "81482027593574105462360867416308461566",
                    "17440118444636951881963763037051374278",
                    "212193942646446753260606954855238121543",
                    "296347209817298267475268295458768504292",
                    "141467478661400960761569996841513484260",
                    "214921133566751161635632001483895261835",
                    "94740991481981216648182526769557728674",
                    "185001989735275705690668069919075168986",
                    "273105709608729632356987049051057804932",
                    "144921482434176707460351577269278146716",
                    "164921638524000013380624704027099717769",
                    "98442871627389579140310254982249079205"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "target": {
                "file": "msg_translator.c"
            },
            "source": "https://github.com/opensips/opensips/commit/9cf3dd3398719dd91207495f76d7726701c5145c",
            "deprecated": false,
            "signature_type": "Line"
        }
    ]
}