cve/2023/CVE-2023-28097.md

### [CVE-2023-28097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28097)
![](https://img.shields.io/static/v1?label=Product&message=opensips&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.1.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)

### Description

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.

### POC

#### Reference
- https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf

#### Github
- https://github.com/karimhabush/cyberowl
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-28097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28097)`
			`![](https://img.shields.io/static/v1?label=Product&message=opensips&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.1.9%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)`

			`### Description`

			OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.

			`### POC`

			`#### Reference`
			`- https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf`

			`#### Github`
			`- https://github.com/karimhabush/cyberowl`