CVE-2023-28099 - OpenCVE

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Opensips	Opensips

Configuration 1 [-]

OR	cpe:2.3:a:opensips:opensips::::::::
	cpe:2.3:a:opensips:opensips::::::::

References

Link	Resource
https://github.com/OpenSIPS/opensips/commit/e2f13d374	Patch Third Party Advisory
https://github.com/OpenSIPS/opensips/issues/2780	Third Party Advisory
https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-15T22:16:57.958Z

Updated: 2023-03-15T22:16:57.958Z

Reserved: 2023-03-10T18:34:29.226Z

Link: CVE-2023-28099

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-15T23:15:09.807

Modified: 2023-11-07T04:10:24.310

Link: CVE-2023-28099

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-28099", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-10T18:34:29.226Z", "datePublished": "2023-03-15T22:16:57.958Z", "dateUpdated": "2023-03-15T22:16:57.958Z"}, "containers": {"cna": {"title": "OpenSIPS has vulnerability in the ds_is_in_list() function", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3"}, {"name": "https://github.com/OpenSIPS/opensips/issues/2780", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSIPS/opensips/issues/2780"}, {"name": "https://github.com/OpenSIPS/opensips/commit/e2f13d374", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374"}], "affected": [{"vendor": "OpenSIPS", "product": "opensips", "versions": [{"version": "< 3.1.9", "status": "affected"}, {"version": ">= 3.2.0, < 3.2.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-15T22:16:57.958Z"}, "descriptions": [{"lang": "en", "value": "OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds."}], "source": {"advisory": "GHSA-pfm5-6vhv-3ff3", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensips:opensips:*:*:*:*:*:*:*:*", "matchCriteriaId": "F318FB66-A6E9-4A16-996B-DD76A8C64A6E", "versionEndExcluding": "3.1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensips:opensips:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C466525-94B6-4196-9CEA-CD72452FE22D", "versionEndExcluding": "3.2.6", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds."}], "id": "CVE-2023-28099", "lastModified": "2023-11-07T04:10:24.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-03-15T23:15:09.807", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/issues/2780"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}