aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:24:29Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9181[3.9] kamailio: Security vulnerability in Kamailio core related to To header ...2019-07-23T11:24:29ZAlicha CH[3.9] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_re...In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_req” core function.
This could result in denial of service and potentially the execution of
arbitrary code.
### References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
*(from redmine: issue id 9181, created on 2018-08-02, closed on 2018-09-20)*
* Relations:
* copied_to #9180
* parent #91803.9.0Nathan AngelacosNathan Angelacos