CVE-2023-27597

7.5 HIGH

📋 TL;DR

CVE-2023-27597 is a segmentation fault vulnerability in the OpenSIPS SIP server that causes denial of service when the server processes specially crafted SIP messages. The crash occurs in the rewrite_ruri function and affects configurations that use functions such as setport. Administrators running vulnerable OpenSIPS versions are affected.

💻 Affected Systems

Products:
  • OpenSIPS
Versions: All versions before 3.1.8 and 3.2.5
Operating Systems: All platforms running OpenSIPS
Default Config Vulnerable: ✅ No
Notes: Only affects configurations using functions that call rewrite_ruri, such as setport

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of SIP server leading to disruption of voice/video communications and related services

🟠 Likely Case

Service disruption requiring manual restart of OpenSIPS server

🟢 If Mitigated

Minimal impact with proper monitoring and automated recovery mechanisms

🌐 Internet-Facing: HIGH - SIP servers are typically internet-facing and accept messages from untrusted sources
🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they can send SIP messages to the server

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a specially crafted SIP message to trigger the segmentation fault

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.8 or 3.2.5

Vendor Advisory: https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Upgrade to OpenSIPS 3.1.8 (for the 3.1.x branch) or 3.2.5 (for the 3.2.x branch).
3. Restart the OpenSIPS service.
4. Verify the service is running correctly.

🔧 Temporary Workarounds

Disable vulnerable functions (platform: all)

Remove or disable configurations using setport or other functions that call rewrite_ruri

# Review opensips.cfg and remove/comment out lines using setport or similar functions

Network filtering (platform: linux)

Implement SIP message filtering to block malformed messages

# Use iptables or similar to filter suspicious SIP traffic
# Example: iptables -A INPUT -p udp --dport 5060 -m string --algo bm --hex-string '|pattern|' -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to limit SIP traffic to trusted sources only
  • Deploy monitoring and automated restart mechanisms to minimize downtime from crashes

🔍 How to Verify

Check if Vulnerable:

Check OpenSIPS version and review configuration for use of setport or similar functions

Check Version:

opensips -V

Verify Fix Applied:

Verify OpenSIPS version is 3.1.8 or higher (3.1.x branch) or 3.2.5 or higher (3.2.x branch)
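
The two checks above (version, then use of setport in the configuration) can be scripted. This shell script is an added example, not part of the vendor advisory or of OpenSIPS itself; the version banner format, the sample configuration and all function names are assumptions, and only setport is listed because it is the only function this page names.

```shell
# Added example: triage for CVE-2023-27597 exposure (version + config use of setport).
RURI_FUNCS="setport"   # the only function the page names; extend for your config

extract_version() {  # first x.y.z found in text such as `opensips -V` output
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# 0 = in the affected range the page gives, 1 = not, 2 = no version found.
is_affected_version() {
    ver=$(extract_version "$1"); [ -n "$ver" ] || return 2
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}; patch=${rest#*.}
    case "$major.$minor" in
        3.1) fixed=8 ;;
        3.2) fixed=5 ;;
        [0-2].*|3.0) return 0 ;;   # older branches predate both fixed releases
        *) return 1 ;;             # newer than 3.2: outside the range the page lists
    esac
    if [ "$patch" -lt "$fixed" ]; then return 0; else return 1; fi
}

# Print "line:text" for each call not preceded by '#' (only '#' line comments are recognised).
find_ruri_calls() {
    for fn in $RURI_FUNCS; do
        grep -nE "^([^#]*[^A-Za-z0-9_#])?${fn}[[:space:]]*\(" "$1" || true
    done
}

# Verdict from a version banner ($1) and a config path ($2).
assess() {
    rc=0; is_affected_version "$1" || rc=$?
    case $rc in
        2) echo "unknown-version" ;;
        1) echo "not-affected" ;;
        0) if [ -n "$(find_ruri_calls "$2")" ]; then echo "exposed"
           else echo "affected-version-only"; fi ;;
    esac
}

# Constructed sample config and version banner, not from a real deployment.
SAMPLE_CFG=$(mktemp); trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
route {
    # setport("5070");
    setport("5080");
}
EOF
assess "version: opensips 3.2.4 (x86_64/linux)" "$SAMPLE_CFG"   # prints: exposed
```

On a real host, pass `"$(opensips -V)"` and the path to opensips.cfg to `assess`; a verdict of `affected-version-only` still calls for the upgrade, since other functions may reach rewrite_ruri.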

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in OpenSIPS logs
  • Unexpected process termination
  • Core dump files

Network Indicators:

  • Unusual SIP message patterns
  • Multiple connection attempts with malformed SIP headers

SIEM Query:

source="opensips.log" AND ("segmentation fault" OR "core dumped" OR "SIGSEGV")
