{"vulnerability": "CVE-2023-27599", "sightings": [{"uuid": "9b61cbea-4449-4858-8835-3aa8efdb8975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27599", "type": "seen", "source": "https://t.me/cibsecurity/60098", "content": "\u203c CVE-2023-27599 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:22.000000Z"}]}