Daniel-Constantin Mierla - Security Researcher - Exploit Intelligence Platform

CVE-2016-2385 WRITEUP CRITICAL WRITEUP

Debian Linux < 4.3.4 - Memory Corruption

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

CVSS 9.8

View Code

CVE-2015-1590 WRITEUP HIGH WRITEUP

kamailio < 4.2.8 - Unauthenticated Local File Write via /tmp/kamailio_ctl

The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.

CVSS 7.8

View Code

CVE-2018-8828 WRITEUP CRITICAL WRITEUP

Kamailio <4.4.7, 5.0.x <5.0.6, 5.1.x <5.1.2 - Buffer Overflow

A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.

CVSS 9.8

View Code

CVE-2020-27507 WRITEUP CRITICAL WRITEUP

Kamailio SIP <5.5.0 - Buffer Overflow

The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.

CVSS 9.8

View Code