PT-2016-2693 · Kamailio+2 · Kamailio+2
Stelios Tsampas
·
Published
2016-03-29
·
Updated
2025-04-07
·
CVE-2016-2385
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Kamailio versions prior to 4.3.5
Description
The issue is related to a heap-based buffer overflow in the
encode msg function, located in the encode msg.c file of the SEAS module. This overflow can be triggered by a large SIP packet, allowing remote attackers to cause a denial of service, which includes memory corruption and process crash, or possibly execute arbitrary code.Recommendations
For versions prior to 4.3.5, update to version 4.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the size of incoming SIP packets to prevent exploitation of the
encode msg function in the SEAS module.Exploit
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kamailio
Linuxmint
Ubuntu