The master branch of the Kamailio project contains unpatched sources from OpenSIPS, in which CVE-2023-28098 was reported. The function parse_param_name() from kamailio/src/core/parser/digest/param_parser.c does not include security patches and updates available in newer versions of OpenSIPS. The fix for the CVE can be found in this commit: OpenSIPS Commit dd9141b6.
I strongly recommend updating the sources from OpenSIPS to the latest version available.
The bug is detected by a tool developed at CAST.