VYPR
Vendor: OpenSIPS

Products: 1
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)

  • CVE-2026-36670 | High | Jun 15, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.

  • CVE-2026-25554 | Medium | Feb 25, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts…

  • CVE-2023-28099 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage),…

  • CVE-2023-28098 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()`. This issue was…

  • CVE-2023-28097 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large…

  • CVE-2023-28096 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be…

  • CVE-2023-28095 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could…

  • CVE-2023-27601 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling…

  • CVE-2023-27600 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling…

  • CVE-2023-27599 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the…

  • CVE-2023-27598 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed…

  • CVE-2023-27597 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It…

  • CVE-2023-27596 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered…

  • CVE-2013-3722 | Feb 17, 2020
    risk 0.00 | cvss | epss 0.01

    A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.