Package: kamailo
Version: 4.2.0-2+deb8u3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for kamailio.

CVE-2018-16657[0]:
| In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
| with an invalid Via header causes a segmentation fault and crashes
| Kamailio. The reason is missing input validation in the
| crcitt_string_array core function for calculating a CRC hash for To
| tags. (An additional error is present in the check_via_address core
| function: this function also misses input validation.) This could
| result in denial of service and potentially the execution of arbitrary
| code.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16657
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16657

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
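
The class of fix the CVE text describes (validating fields before hashing them), as an added example that is not part of the original report and is not Kamailio's code. The `str_t` type, the function names and the choice of CRC-16/CCITT-FALSE are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical counted-string type (pointer plus length); an assumption,
 * not a definition taken from the Kamailio source. */
typedef struct { const char *s; int len; } str_t;

/* Bitwise CRC-16/CCITT-FALSE update (polynomial 0x1021, no reflection). */
static uint16_t crc16_update(uint16_t crc, const unsigned char *p, size_t n)
{
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Hash an array of fields into *out.
 * Returns 0 on success and -1 if the input is unusable: a NULL array,
 * a negative count or length, or a NULL pointer with a non-zero length.
 * Such fields can be left behind when a header failed to parse (assumed
 * scenario), and hashing them unchecked dereferences an invalid pointer.
 * On failure *out is left untouched so callers cannot use a partial hash. */
int crc_fields_checked(const str_t *src, int count, uint16_t *out)
{
    uint16_t crc = 0xFFFF;

    if (src == NULL || out == NULL || count < 0)
        return -1;
    for (int i = 0; i < count; i++) {
        if (src[i].len < 0 || (src[i].s == NULL && src[i].len != 0))
            return -1;              /* reject instead of dereferencing */
        if (src[i].len > 0)
            crc = crc16_update(crc, (const unsigned char *)src[i].s,
                               (size_t)src[i].len);
    }
    *out = crc;
    return 0;
}
```

The caller has to treat a `-1` return as a malformed message and drop it rather than continue with an uninitialised hash.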