The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
[3.7] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build_res_buf_from_sip_req” core function.
This could result in denial of service and potentially the execution of
arbitrary code.
References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
(from redmine: issue id 9183, created on 2018-08-02, closed on 2018-09-20)
- Relations:
- copied_to #9180 (closed)
- parent #9180 (closed)