OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the stream_process function.
This issue was discovered during coverage guided fuzzing of the function codec_delete_except_re.
Impact
By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function codec_delete_except_re.
Patches
This issue has been fixed by commit dd051f8.
References
Read more about this issue in the Audit Document section 3.15.
For more information
If you have any questions or comments about this advisory:
sandrogauci Analyst
OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the
stream_processfunction.This issue was discovered during coverage guided fuzzing of the function
codec_delete_except_re.Impact
By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function
codec_delete_except_re.Patches
This issue has been fixed by commit dd051f8.
References
Read more about this issue in the Audit Document section 3.15.
For more information
If you have any questions or comments about this advisory: