Buffer Overflow Vulnerability in Kamailio Application by Kamailio Project
CVE-2018-8828
9.8 CRITICAL
What is CVE-2018-8828?
A buffer overflow vulnerability exists in the Kamailio application, specifically in the tmx_check_pretran function in the tmx_pretran.c source file. It is triggered when Kamailio processes a specially crafted REGISTER message containing a malformed branch or From tag. The result is an off-by-one heap-based buffer overflow, which can potentially allow an attacker to execute arbitrary code or disrupt the operation of the application. Users of affected Kamailio versions are advised to apply the latest patches to mitigate this risk.
