UBUNTU-CVE-2023-27597

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-27597

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27597.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-27597

Related

CVE-2023-27597

Published

2023-03-15T21:15:00Z

Modified

2025-01-13T10:24:19Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewrite_ruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function setport. This issue has been fixed in version 3.1.8 and 3.2.5.

References

Affected packages

Ubuntu:Pro:18.04:LTS / opensips

Package

Name: opensips
Purl: pkg:deb/ubuntu/opensips@2.2.2-3build4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.2-3build2

2.2.2-3build3

2.2.2-3build4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}