Buffer Overflow in Kamailio SIP Server Due to Mismanaged INVITE Requests
CVE-2020-27507

9.8CRITICAL

Key Information:

Vendor: Kamailio
Status: Kamailio
Vendor: CVE Published:; 15 March 2023

What is CVE-2020-27507?

The Kamailio SIP Server suffers from a buffer overflow vulnerability due to improper handling of INVITE requests with duplicated fields and an overlength tag. This flaw can cause the server to crash and may lead to uncertain additional impacts, affecting its stability and availability. Users are advised to upgrade to version 5.5.0 or later to mitigate this risk.

References

https://github.com/kamailio/kamailio/issues/2503

https://github.com/kamailio/kamailio/commit/ada3701d22b1f...

https://lists.debian.org/debian-lts-announce/2023/05/msg0...

mailing-list

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2023
Vulnerability Reserved
Oct 21, 2020

CVE-2020-27507 Data

JSON