CVE-2023-28099 - Vulnerability Details - OpenCVE

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Opensips	Opensips

Configuration 1 [-]

OR	cpe:2.3:a:opensips:opensips::::::::
	cpe:2.3:a:opensips:opensips::::::::

No data.

References

Link	Providers
https://github.com/OpenSIPS/opensips/commit/e2f13d374
https://github.com/OpenSIPS/opensips/issues/2780
https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3

History

Tue, 25 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-15T22:16:57.958Z

Updated: 2025-02-25T14:56:03.865Z

Reserved: 2023-03-10T18:34:29.226Z

Link: CVE-2023-28099

Vulnrichment

Updated: 2024-08-02T12:30:24.135Z

NVD

Status : Modified

Published: 2023-03-15T23:15:09.807

Modified: 2024-11-21T07:54:24.047

Link: CVE-2023-28099

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28099", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-10T18:34:29.226Z", "datePublished": "2023-03-15T22:16:57.958Z", "dateUpdated": "2025-02-25T14:56:03.865Z"}, "containers": {"cna": {"title": "OpenSIPS has vulnerability in the ds_is_in_list() function", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3"}, {"name": "https://github.com/OpenSIPS/opensips/issues/2780", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSIPS/opensips/issues/2780"}, {"name": "https://github.com/OpenSIPS/opensips/commit/e2f13d374", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374"}], "affected": [{"vendor": "OpenSIPS", "product": "opensips", "versions": [{"version": "< 3.1.9", "status": "affected"}, {"version": ">= 3.2.0, < 3.2.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-15T22:16:57.958Z"}, "descriptions": [{"lang": "en", "value": "OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds."}], "source": {"advisory": "GHSA-pfm5-6vhv-3ff3", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.135Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3"}, {"name": "https://github.com/OpenSIPS/opensips/issues/2780", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenSIPS/opensips/issues/2780"}, {"name": "https://github.com/OpenSIPS/opensips/commit/e2f13d374", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-25T14:29:32.495012Z", "id": "CVE-2023-28099", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T14:56:03.865Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3", "name": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/OpenSIPS/opensips/issues/2780", "name": "https://github.com/OpenSIPS/opensips/issues/2780", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374", "name": "https://github.com/OpenSIPS/opensips/commit/e2f13d374", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.135Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28099", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-25T14:29:32.495012Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T14:29:33.864Z"}}], "cna": {"title": "OpenSIPS has vulnerability in the ds_is_in_list() function", "source": {"advisory": "GHSA-pfm5-6vhv-3ff3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OpenSIPS", "product": "opensips", "versions": [{"status": "affected", "version": "< 3.1.9"}, {"status": "affected", "version": ">= 3.2.0, < 3.2.6"}]}], "references": [{"url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3", "name": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenSIPS/opensips/issues/2780", "name": "https://github.com/OpenSIPS/opensips/issues/2780", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374", "name": "https://github.com/OpenSIPS/opensips/commit/e2f13d374", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-15T22:16:57.958Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28099", "state": "PUBLISHED", "dateUpdated": "2025-02-25T14:56:03.865Z", "dateReserved": "2023-03-10T18:34:29.226Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-03-15T22:16:57.958Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensips:opensips:*:*:*:*:*:*:*:*", "matchCriteriaId": "F318FB66-A6E9-4A16-996B-DD76A8C64A6E", "versionEndExcluding": "3.1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensips:opensips:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C466525-94B6-4196-9CEA-CD72452FE22D", "versionEndExcluding": "3.2.6", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds."}], "id": "CVE-2023-28099", "lastModified": "2024-11-21T07:54:24.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-15T23:15:09.807", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/issues/2780"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/commit/e2f13d374"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/issues/2780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenSIPS/opensips/security/advisories/GHSA-pfm5-6vhv-3ff3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}