VYPR
Unrated severityNVD Advisory· Published Mar 15, 2023· Updated Feb 25, 2025

OpenSIPS has vulnerability in the codec_delete_XX() functions

CVE-2023-27596

Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the stream_process function. This issue was discovered during coverage guided fuzzing of the function codec_delete_except_re. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function codec_delete_except_re. This issue has been fixed in version 3.1.8 and 3.2.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenSIPS/Opensipsllm-fuzzy2 versions
    <3.1.8 || >=3.2.0 <3.2.5+ 1 more
    • (no CPE)range: <3.1.8 || >=3.2.0 <3.2.5
    • (no CPE)range: < 3.1.8

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.