[3.5] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation in the “build_res_buf_from_sip_req” core function.
This could result in denial of service and potentially the execution of arbitrary code.
(from redmine: issue id 9185, created on 2018-08-02, closed on 2018-09-20)