CVE-2018-8828

Published: 20 March 2018

A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.

Priority

High

CVSS 3 base score: 9.8

Status

Package Release Status
kamailio
Launchpad, Ubuntu, Debian
Upstream
Released (5.1.2-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.1.2-1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(5.1.2-1ubuntu2)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.3.4-1.1ubuntu2.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist