CVE-2023-28096 Information

Description

OpenSIPS a Session Initiation Protocol (SIP) server implementation has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parse_mi_request while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `\jsonrpc\

Reference

https://github.com/OpenSIPS/opensips/security/advisories/GHSA-2mg2-g46r-j4qr https://github.com/OpenSIPS/opensips/commit/417568707520af25ec5c5dd91da18e6db3649dcb https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf