| 제목 | Kamailio Project Kamailio SIP Server 5.5 Heap-based Buffer Overflow |
|---|
| 설명 | Kamailio v5.5 contains a heap-buffer-overflow triggered during configuration parsing. When module-function parameters are pre-fixed up and expression trees are destroyed, `rve_destroy()` can read past an allocated object and crash the process. Reproducible using a crafted `kamailio-basic.cfg` (replace config and start with `./src/kamailio -f ./kamailio-basic.cfg -L src/modules -Y runtime_dir -n 1 -D -E`). Test seeds `id:000151.log` and `id:000153.log` reproduce the issue in our ASan-enabled build. Impact: Denial of Service; potential for further memory-corruption exploitation.
|
|---|
| 원천 | ⚠️ https://shimo.im/docs/loqeMWMyZGtpEYqn/ |
|---|
| 사용자 | zh_vul (UID 91488) |
|---|
| 제출 | 2025. 10. 11. AM 10:22 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 25. PM 01:52 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 329874 [Kamailio 5.5 Configuration File src/core/rvalue.c rve_destroy 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|