| عنوان | Kamailio Project Kamailio SIP Server 5.5 Use After Free |
|---|
| الوصف | Kamailio v5.5 contains a heap use-after-free in configuration include handling. Malicious or malformed configuration files that exercise `import` / `include` handling can cause Kamailio to read freed memory while parsing configuration (`sr_push_yy_state` / `cfg.lex`), resulting in process crash at startup (Denial of Service) and potential memory-corruption that could be leveraged further. |
|---|
| المصدر | ⚠️ https://shimo.im/docs/ZzkLMVMLOzIRlpAQ/ |
|---|
| المستخدم | zh_vul (UID 91488) |
|---|
| ارسال | 11/10/2025 10:29 AM (9 أشهر منذ) |
|---|
| الاعتدال | 25/10/2025 01:52 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 329875 [Kamailio 5.5 Configuration File src/core/cfg.lex sr_push_yy_state تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|