Denial of Service Vulnerability in Kamailio SIP Server by Kamailio Project
CVE-2018-16657

9.8CRITICAL

Key Information:

Vendor

Debian
Status
Debian Linux
Vendor
CVE Published:
7 September 2018

What is CVE-2018-16657?

A vulnerability exists in Kamailio SIP Server that can be exploited through a specially crafted SIP message containing an invalid Via header. This flaw arises from inadequate input validation within the crcitt_string_array core function responsible for CRC hash calculation, alongside another oversight in the check_via_address core function. Successful exploitation can lead to a segmentation fault, causing the Kamailio server to crash, potentially allowing for denial of service and, in some cases, facilitating the execution of arbitrary code.

References

https://www.debian.org/security/2018/dsa-4292
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/09/msg0...
mailing-listx_refsource_MLIST
https://skalatan.de/blog/advisory-hw-2018-06
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.