### Description
The master branch of the Kamailio project contains unpatched sources from OpenSIPS, in
which [CVE-2023-28098](https://github.com/OpenSIPS/opensips/security/advisories/GH…
was reported. The function `parse_param_name()` from
`kamailio/src/core/parser/digest/param_parser.c` does not include security patches and
updates available in newer versions of OpenSIPS. The fix for the CVE can be found in this
commit: [OpenSIPS Commit dd9141b6](https://github.com/OpenSIPS/opensips/commit/dd9141b6f67d7df4072f3…
### Possible Solutions
I strongly recommend updating the sources from OpenSIPS to the latest version available.
### Report Origin
The bug is detected by a tool developed at [CAST](https://castech.am/).
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3911