CVE-2018-14767

Name of the Vulnerable Software and Affected Versions Kamailio versions prior to 5.0.7 Kamailio versions 5.1.x prior to 5.1.4

Description A crafted SIP message with a double "To" header and an empty "To" tag can cause a segmentation fault and crash due to missing input validation in the build res buf from sip req core function. This could result in denial of service and potentially the execution of arbitrary code.

Recommendations For Kamailio versions prior to 5.0.7, update to version 5.0.7 or later. For Kamailio versions 5.1.x prior to 5.1.4, update to version 5.1.4 or later. As a temporary workaround, consider implementing additional input validation for SIP messages to prevent crashes.