Ubuntu.comUB:CVE-2023-27597CVE-2023-27597
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
61.8%
OpenSIPS is a Session Initiation Protocol (SIP) server implementation.
Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is
processed by the function rewrite_ruri, a crash occurs due to a
segmentation fault. This issue causes the server to crash. It affects
configurations containing functions that make use of the affected code,
such as the function setport. This issue has been fixed in version 3.1.8
and 3.2.5.
References
github.com/OpenSIPS/opensips/commit/b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3
github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c
launchpad.net/bugs/cve/CVE-2023-27597
nvd.nist.gov/vuln/detail/CVE-2023-27597
security-tracker.debian.org/tracker/CVE-2023-27597
www.cve.org/CVERecord?id=CVE-2023-27597
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
61.8%