CVE-2018-16657

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kamailio versions prior to 5.0.7 Kamailio versions 5.1.x prior to 5.1.4

Description A crafted SIP message with an invalid Via header can cause a segmentation fault and crash Kamailio due to missing input validation in the crcitt string array core function for calculating a CRC hash for To tags. An additional error is present in the check via address core function, which also misses input validation. This could result in denial of service and potentially the execution of arbitrary code.

Recommendations For Kamailio versions prior to 5.0.7, update to version 5.0.7 or later. For Kamailio versions 5.1.x prior to 5.1.4, update to version 5.1.4 or later.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2018-16657

DLA-1503-1

DSA-4292-1

USN-6022-1

Affected Products

Kamailio

Linuxmint

Ubuntu

CVE-2018-16657

Weakness Enumeration

Related Identifiers

Affected Products

References · 25