| Titolo | Kamailio Project Kamailio SIP Server 5.5 Use After Free |
|---|
| Descrizione | Kamailio v5.5 contains a heap use-after-free in configuration include handling. Malicious or malformed configuration files that exercise `import` / `include` handling can cause Kamailio to read freed memory while parsing configuration (`sr_push_yy_state` / `cfg.lex`), resulting in process crash at startup (Denial of Service) and potential memory-corruption that could be leveraged further. |
|---|
| Fonte | ⚠️ https://shimo.im/docs/ZzkLMVMLOzIRlpAQ/ |
|---|
| Utente | zh_vul (UID 91488) |
|---|
| Sottomissione | 11/10/2025 10:29 (9 mesi fa) |
|---|
| Moderazione | 25/10/2025 13:52 (14 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 329875 [Kamailio 5.5 Configuration File src/core/cfg.lex sr_push_yy_state buffer overflow] |
|---|
| Punti | 20 |
|---|