OpenSIPS: Watcherinfo XML generation denial of service from oversized watcher URI
Published on May 21, 2026 in security advisory, CVE-2026-45809, opensips, denial of service
- CVSS v4.0, Enable Security assessment
  - Vector: link
- Other references:
  - CVE-2026-45809
  - GHSA-gx83-2gh8-7v56
  - CWE-121: Stack-based Buffer Overflow
- Fixed versions: OpenSIPS 3.6.6, OpenSIPS 4.0.0-rc1, and master at or after eeb331cd5
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2026-02-opensips-watcherinfo-uri-stack-buffer-overflow/
- Tested vulnerable version: OpenSIPS 3.5.9
- Timeline:
  - Enable Security reproduced the issue: 2026-04-29
  - OpenSIPS advisory: 2026-05-21
  - Enable Security advisory: 2026-05-21
Description
OpenSIPS published GHSA-gx83-2gh8-7v56 for a denial-of-service vulnerability in watcherinfo XML generation. The issue is caused by an oversized watcher URI being copied into a fixed-size stack buffer in modules/presence/notify.c:create_winfo_xml().
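
The bug class described above (CWE-121), shown as a simplified unchecked copy beside a length-checked one. This is an added illustration, not the OpenSIPS code from modules/presence/notify.c: the buffer size, the counted_str type, the XML shape and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: illustrative size; the page does not give the real one. */
#define URI_BUF_SIZE 64

/* Hypothetical pointer+length string, not NUL-terminated. */
typedef struct { const char *s; int len; } counted_str;

/* CWE-121 pattern: len comes from the message and is never compared with
 * the buffer size, so len >= URI_BUF_SIZE writes past buf on the stack. */
int watcher_xml_unchecked(const counted_str *uri, char *out, size_t out_sz)
{
    char buf[URI_BUF_SIZE];
    memcpy(buf, uri->s, (size_t)uri->len);
    buf[uri->len] = '\0';
    return snprintf(out, out_sz, "<watcher>%s</watcher>", buf);
}

/* Hardened form: reject anything that does not fit, including the NUL. */
int watcher_xml_checked(const counted_str *uri, char *out, size_t out_sz)
{
    char buf[URI_BUF_SIZE];
    int n;
    if (!uri || !uri->s || uri->len <= 0 || (size_t)uri->len >= sizeof(buf))
        return -1;
    memcpy(buf, uri->s, (size_t)uri->len);
    buf[uri->len] = '\0';
    n = snprintf(out, out_sz, "<watcher>%s</watcher>", buf);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : n;
}

/* Constructed input: run the checked path with a URI of uri_len bytes. */
int checked_result_for_len(int uri_len)
{
    char uri[512], out[256];
    counted_str w;
    if (uri_len < 4 || uri_len > (int)sizeof(uri))
        return -2;
    memset(uri, 'a', sizeof(uri));
    memcpy(uri, "sip:", 4);
    w.s = uri; w.len = uri_len;
    return watcher_xml_checked(&w, out, sizeof(out));
}

int main(void)
{
    printf("len 63 -> %d, len 64 -> %d\n",
           checked_result_for_len(63), checked_result_for_len(64));
    return 0;
}
```

The checked variant returns -1 as soon as the URI length reaches the buffer size, so the largest accepted URI is one byte shorter than the buffer.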