CVE-2023-28095— OpenSIPS 输入验证错误漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-28095の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
OpenSIPS has vulnerability in the building the local negative replies
ソース: NVD (National Vulnerability Database)
脆弱性説明
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
输入验证不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
OpenSIPS 输入验证错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
OpenSIPS是OpenSIPS 个人开发者的一个 GPL 许可的 SIP 服务器实现。 OpenSIPS 3.2版本及之前版本存在输入验证错误漏洞。攻击者利用该漏洞导致系统崩溃和拒绝服务。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2023-28095の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-28095のインテリジェンス情報
请登录查看更多情报信息。
- https://github.com/OpenSIPS/opensips/security/advisories/GHSA-7pf3-24qg-8v9hx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-28095
Same Patch Batch · OpenSIPS · 2023-03-15 · 11 CVEs total
| CVE-2023-27596 | 7.5 HIGH | OpenSIPS has vulnerability in the codec_delete_XX() functions |
| CVE-2023-27597 | 7.5 HIGH | OpenSIPS has vulnerability in the parse_uri() function |
| CVE-2023-27598 | 7.5 HIGH | OpenSIPS has vulnerability in the parse_via() function |
| CVE-2023-27599 | 7.5 HIGH | OpenSIPS has vulnerability in the parse_to_param() function |
| CVE-2023-27600 | 7.5 HIGH | OpenSIPS has vulnerability in the codec_delete_XX() functions |
| CVE-2023-27601 | 7.5 HIGH | OpenSIPS has vulnerability in the codec_delete_XX() functions |
| CVE-2023-28097 | 7.5 HIGH | OpenSIPS has vulnerability in the Content-Length Parser |
| CVE-2023-28098 | 5.9 MEDIUM | OpenSIPS has vulnerability in the Digest Authentication Parser |
| CVE-2023-28099 | 5.9 MEDIUM | OpenSIPS has vulnerability in the ds_is_in_list() function |
| CVE-2023-28096 | 4.5 MEDIUM | OpenSIPS has memory leak in cJSON lib |
IV. 関連脆弱性
同じ製品: opensips
- CVE-2026-25554
OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Aut - CVE-2023-28099
OpenSIPS has vulnerability in the ds_is_in_list() function - CVE-2023-28098
OpenSIPS has vulnerability in the Digest Authentication Pars - CVE-2023-28097
OpenSIPS has vulnerability in the Content-Length Parser - CVE-2023-28096
OpenSIPS has memory leak in cJSON lib
同じベンダー: OpenSIPS
- CVE-2026-25554
OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Aut - CVE-2023-28099
OpenSIPS has vulnerability in the ds_is_in_list() function - CVE-2023-28098
OpenSIPS has vulnerability in the Digest Authentication Pars - CVE-2023-28097
OpenSIPS has vulnerability in the Content-Length Parser - CVE-2023-28096
OpenSIPS has memory leak in cJSON lib
V. CVE-2023-28095へのコメント
まだコメントはありません