Description

The master branch of the Kamailio project contains unpatched sources from OpenSIPS, in which CVE-2023-28098 was reported. The function parse_param_name() from kamailio/src/core/parser/digest/param_parser.c does not include security patches and updates available in newer versions of OpenSIPS. The fix for the CVE can be found in this commit: OpenSIPS Commit dd9141b6.

Possible Solutions

I strongly recommend updating the sources from OpenSIPS to the latest version available.

Report Origin

The bug is detected by a tool developed at CAST.

