CVE-2016-2385

CRITICAL

Debian Linux < 4.3.4 - Memory Corruption

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2385. PoCs published by Stelios Tsampas.

AI-analyzed exploit summary This exploit demonstrates a heap-based buffer overflow in Kamailio's SEAS module, triggered by a large UDP packet. The vulnerability allows remote code execution due to insufficient bounds checking in the encode_msg function.

Description

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

Exploits (1)

exploitdb WORKING POC

by Stelios Tsampas · textdoslinux

https://www.exploit-db.com/exploits/39638

View Code ZIP pw:eip

This exploit demonstrates a heap-based buffer overflow in Kamailio's SEAS module, triggered by a large UDP packet. The vulnerability allows remote code execution due to insufficient bounds checking in the encode_msg function.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Kamailio 4.3.4 (and possibly previous versions)

No auth needed

Prerequisites: Kamailio configured to use the SEAS module · Network access to the target

MITRE ATT&CK