PT-2016-2693 · Kamailio+2 · Kamailio+2
Stelios Tsampas
·
Publicado
2016-03-29
·
Atualizado
2025-04-07
·
CVE-2016-2385
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Kamailio versions prior to 4.3.5
Description
The issue is related to a heap-based buffer overflow in the
encode msg function, located in the encode msg.c file of the SEAS module. This overflow can be triggered by a large SIP packet, allowing remote attackers to cause a denial of service, which includes memory corruption and process crash, or possibly execute arbitrary code.Recommendations
For versions prior to 4.3.5, update to version 4.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the size of incoming SIP packets to prevent exploitation of the
encode msg function in the SEAS module.Exploit
Correção
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kamailio
Linuxmint
Ubuntu