Ubuntu.comUB:CVE-2023-28095CVE-2023-28095
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
40.4%
OpenSIPS is a Session Initiation Protocol (SIP) server implementation.
Versions prior to 3.1.7 and 3.2.4 have a potential issue in
msg_translator.c:2628 which might lead to a server crash. This issue was
found while fuzzing the function build_res_buf_from_sip_req but could not
be reproduced against a running instance of OpenSIPS. This issue could not
be exploited against a running instance of OpenSIPS since no public
function was found to make use of this vulnerable code. Even in the case of
exploitation through unknown vectors, it is highly unlikely that this issue
would lead to anything other than Denial of Service. This issue has been
fixed in versions 3.1.7 and 3.2.4.
References
github.com/OpenSIPS/opensips/commit/9cf3dd3398719dd91207495f76d7726701c5145c
github.com/OpenSIPS/opensips/security/advisories/GHSA-7pf3-24qg-8v9h
launchpad.net/bugs/cve/CVE-2023-28095
nvd.nist.gov/vuln/detail/CVE-2023-28095
opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf
security-tracker.debian.org/tracker/CVE-2023-28095
www.cve.org/CVERecord?id=CVE-2023-28095
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
40.4%