CVE-2018-16657
Published: 7 September 2018
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
kamailio Launchpad, Ubuntu, Debian |
bionic |
Released
(5.1.2-1ubuntu2+esm1)
Available with Ubuntu Pro |
cosmic |
Ignored
(end of life)
|
|
disco |
Not vulnerable
(5.2.1-1)
|
|
eoan |
Not vulnerable
(5.2.3-1)
|
|
focal |
Not vulnerable
(5.2.3-1)
|
|
groovy |
Not vulnerable
(5.2.3-1)
|
|
hirsute |
Not vulnerable
(5.2.3-1)
|
|
impish |
Not vulnerable
(5.2.3-1)
|
|
jammy |
Not vulnerable
(5.2.3-1)
|
|
kinetic |
Not vulnerable
(5.2.3-1)
|
|
lunar |
Not vulnerable
(5.2.3-1)
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Released
(5.1.4-1)
|
|
xenial |
Released
(4.3.4-1.1ubuntu2.1+esm1)
Available with Ubuntu Pro |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://skalatan.de/blog/advisory-hw-2018-06
- https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master)
- https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d (5.1)
- https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159 (5.0)
- https://ubuntu.com/security/notices/USN-6022-1
- https://www.cve.org/CVERecord?id=CVE-2018-16657
- NVD
- Launchpad
- Debian