[sr-dev] [kamailio/kamailio] Outdated OpenSIPS Sources in Kamailio Project Lack Security Fixes (CVE-2023-28098) (Issue #3911)

10 Jul 2024


      ### Description
The master branch of the Kamailio project contains unpatched sources from OpenSIPS, in which [CVE-2023-28098](https://github.com/OpenSIPS/opensips/security/advisories/GHSA-jrqg-vppj-hr2h) was reported. The function `parse_param_name()` from `kamailio/src/core/parser/digest/param_parser.c` does not include security patches and updates available in newer versions of OpenSIPS. The fix for CVE can be found in this commit: [OpenSIPS Commit dd9141b6](https://github.com/OpenSIPS/opensips/commit/dd9141b6f67d7df4072f3430f628d4b7...)
### Possible Solutions
I strongly recommend updating the sources from OpenSIPS to the latest version available.
### Report Origin
The bug is detected by a tool developed at [CAST](https://castech.am/).
-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3911
You are receiving this because you are subscribed to this thread.

Message ID: kamailio/kamailio/issues/3911@github.com

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[sr-dev] [kamailio/kamailio] Outdated OpenSIPS Sources in Kamailio Project Lack Security Fixes (CVE-2023-28098) (Issue #3911)