Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenSIPS has vulnerability in the codec_delete_XX() functions
Vulnerability Description
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered during coverage guided fuzzing of the function `codec_delete_except_re`. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. This issue has been fixed in version 3.1.8 and 3.2.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
OpenSIPS 安全漏洞
Vulnerability Description
OpenSIPS是OpenSIPS 个人开发者的一个 GPL 许可的 SIP 服务器实现。 OpenSIPS 3.1.8 和 3.2.5 之前版本存在安全漏洞,该漏洞源于当格式错误的 SDP 主体被多次发送到使用“stream_process”函数的 OpenSIPS configuration时,OpenSIPS 会崩溃。
CVSS Information
N/A
Vulnerability Type
N/A