| عنوان | Kamailio Project Kamailio SIP Server 5.5 Heap-based Buffer Overflow |
|---|
| الوصف | Kamailio v5.5 contains a heap-buffer-overflow triggered during configuration parsing. When module-function parameters are pre-fixed up and expression trees are destroyed, `rve_destroy()` can read past an allocated object and crash the process. Reproducible using a crafted `kamailio-basic.cfg` (replace config and start with `./src/kamailio -f ./kamailio-basic.cfg -L src/modules -Y runtime_dir -n 1 -D -E`). Test seeds `id:000151.log` and `id:000153.log` reproduce the issue in our ASan-enabled build. Impact: Denial of Service; potential for further memory-corruption exploitation.
|
|---|
| المصدر | ⚠️ https://shimo.im/docs/loqeMWMyZGtpEYqn/ |
|---|
| المستخدم | zh_vul (UID 91488) |
|---|
| ارسال | 11/10/2025 10:22 AM (9 أشهر منذ) |
|---|
| الاعتدال | 25/10/2025 01:52 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 329874 [Kamailio 5.5 Configuration File src/core/rvalue.c rve_destroy تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|