Submit #673224: Kamailio Project Kamailio SIP Server 5.5 Heap-based Buffer Overflowinfo

TitelKamailio Project Kamailio SIP Server 5.5 Heap-based Buffer Overflow
BeschreibungKamailio v5.5 contains a heap-buffer-overflow triggered during configuration parsing. When module-function parameters are pre-fixed up and expression trees are destroyed, `rve_destroy()` can read past an allocated object and crash the process. Reproducible using a crafted `kamailio-basic.cfg` (replace config and start with `./src/kamailio -f ./kamailio-basic.cfg -L src/modules -Y runtime_dir -n 1 -D -E`). Test seeds `id:000151.log` and `id:000153.log` reproduce the issue in our ASan-enabled build. Impact: Denial of Service; potential for further memory-corruption exploitation.
Quelle⚠️ https://shimo.im/docs/loqeMWMyZGtpEYqn/
Benutzer
 zh_vul (UID 91488)
Einreichung11.10.2025 10:22 (vor 9 Monaten)
Moderieren25.10.2025 13:52 (14 days later)
StatusAkzeptiert
VulDB Eintrag329874 [Kamailio 5.5 Configuration File src/core/rvalue.c rve_destroy Pufferüberlauf]
Punkte20

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!