Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
The master branch of the Kamailio project contains unpatched sources from OpenSIPS, in which CVE-2023-28098 was reported. The function parse_param_name() from kamailio/src/core/parser/digest/param_parser.c does not include security patches and updates available in newer versions of OpenSIPS. The fix for CVE can be found in this commit: OpenSIPS Commit dd9141b6
I strongly recommend updating the sources from OpenSIPS to the latest version available.
The bug is detected by a tool developed at CAST.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.