CVE-2023-27597

EPSS 0.74%
Veröffentlicht 15.03.2023 21:15:09
Zuletzt bearbeitet 21.11.2024 07:53:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenSIPS has vulnerability in the parse_uri() function

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in version 3.1.8 and 3.2.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensips ≫ Opensips Version < 3.1.8

Opensips ≫ Opensips Version >= 3.2.0 < 3.2.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.74%	0.496

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3

Patch

Third Party Advisory

https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-27597

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27597

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27597

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-27597