CVE-2018-14767

NONE EPSS 97.9%
Published Jul 31, 20187y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jul 31, 2018 7y ago
Last Modified Jun 17, 2026 2w ago

Description

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.

Threat Intelligence

EPSS Exploit Probability
97.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 4

VendorProductVersionRange
debiandebian_linux8.0any
debiandebian_linux9.0any
kamailiokamailio* <5.0.7
kamailiokamailio*≥5.1.0  –  <5.1.4

References 3

  • lists.debian.org https://lists.debian.org/debian-lts-announce/2018/08/msg00018.html
    Mailing ListThird Party Advisory
  • skalatan.de https://skalatan.de/blog/advisory-hw-2018-05
    ExploitPatchThird Party Advisory
  • debian.org https://www.debian.org/security/2018/dsa-4267
    Third Party Advisory

Remediation

  • skalatan.de https://skalatan.de/blog/advisory-hw-2018-05
    ExploitPatchThird Party Advisory