CVE-2018-16657

Name of the Vulnerable Software and Affected Versions Kamailio versions prior to 5.0.7 Kamailio versions 5.1.x prior to 5.1.4

Description A crafted SIP message with an invalid Via header can cause a segmentation fault and crash Kamailio due to missing input validation in the crcitt string array core function for calculating a CRC hash for To tags. An additional error is present in the check via address core function, which also misses input validation. This could result in denial of service and potentially the execution of arbitrary code.

Recommendations For Kamailio versions prior to 5.0.7, update to version 5.0.7 or later. For Kamailio versions 5.1.x prior to 5.1.4, update to version 5.1.4 or later.