UBUNTU-CVE-2023-27598
- Source
- https://ubuntu.com/security/CVE-2023-27598
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27598.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-27598
- Upstream
- Published
- 2023-03-15T21:15:00Z
- Modified
- 2025-10-24T05:01:52Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed
Viaheader to OpenSIPS triggers a segmentation fault when the functioncalc_tag_suffixis called. A specially craftedViaheader, which is deemed correct by the parser, will pass uninitialized strings to the functionMD5StringArraywhich leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location0x0, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such assl_send_replyorsl_gen_totagthat trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4. - References
-
- https://ubuntu.com/security/CVE-2023-27598
- https://github.com/OpenSIPS/opensips/commit/ab611f74f69d9c42be5401c40d56ea06a58f5dd7
- https://github.com/OpenSIPS/opensips/security/advisories/GHSA-wxfg-3gwh-rhvx
- https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
- https://www.cve.org/CVERecord?id=CVE-2023-27598
Affected packages
Ubuntu:18.04:LTS / opensips
Package
- Name
- opensips
- Purl
- pkg:deb/ubuntu/opensips@2.2.2-3build4?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "opensips",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-b2bua-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-berkeley-bin",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-berkeley-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-carrierroute-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-compression-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-console",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-cpl-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-dbhttp-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-dialplan-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-emergency-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-geoip-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-http-modules",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-identity-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-jabber-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-json-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-ldap-modules",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-lua-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-memcached-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-mysql-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-perl-modules",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-postgres-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-presence-modules",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-rabbitmq-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-radius-modules",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-redis-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-regex-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-restclient-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-sctp-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-snmpstats-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-sqlite-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-tls-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-tlsmgm-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-unixodbc-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-wss-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-xmlrpc-module",
"binary_version": "2.2.2-3build4"
},
{
"binary_name": "opensips-xmpp-module",
"binary_version": "2.2.2-3build4"
}
]
}