First published: Tue Jul 31 2018(Updated: )
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/kamailio | 5.2.1-1 5.2.1-1+deb10u1 5.4.4-1 5.6.3-2 5.7.2-1 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Kamailio Kamailio | <5.0.7 | |
Kamailio Kamailio | >=5.1.0<5.1.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.