Hi All,
OpenSipS just released an update to the audit that was done to OpenSips
[1]. From my basic coding skills it seems like the changes that were done
by the OpenSipS project were not implemented in Kamailio which means that
Kamailio is potentially vulnerable? For example you can compare the
changes made by OpenSips project here [2] and the Kamailio code here [3]
I am not active much on the list so please don't roast me if I am
completely wrong here.
Regards,
Dovid
[1]
http://lists.opensips.org/pipermail/users/2023-March/046849.html
[2]
https://github.com/OpenSIPS/opensips/commit/dd9141b6f67d7df4072f3430f628d4b…
[3]
https://github.com/kamailio/kamailio/blob/master/src/core/parser/digest/par…