[3.7] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767) (#9183) · Issues · alpine / aports

[3.7] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation in the “build_res_buf_from_sip_req” core function.
This could result in denial of service and potentially the execution of arbitrary code.

References:

https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767

(from redmine: issue id 9183, created on 2018-08-02, closed on 2018-09-20)

Relations:
- copied_to #9180 (closed)
- parent #9180 (closed)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information