CVE-2016-2385: CVE-2016-2385

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-2385

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

kamailio SEAS模块基于堆的缓冲区溢出

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

kamailio（前称OpenSER and SER）是德国FhG FOKUS研究所研发的一款开源基于GPL的SIP（Session Initiation Protocol，会话初始协议）服务器。SEAS是其中的一个模块。 Kamailio 4.3.5之前版本的SEAS模块中的encode_msg.c文件中的‘encode_msg’函数存在基于堆的缓冲区溢出。远程攻击者可通过发送较大的SIP数据包利用该漏洞造成拒绝服务（内存损坏和进程崩溃），或执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2016-2385

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-2385

Please Login to view more intelligence information

http://packetstormsecurity.com/files/136477/Kamailio-4.3.4-Heap-Overflow.htmlx_refsource_MISC
http://www.kamailio.org/pub/kamailio/4.3.5/ChangeLogx_refsource_CONFIRM
https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/x_refsource_MISC
https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3535vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2016/dsa-3537vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/archive/1/537926/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2016-2385

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2016-2385

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2016-2385

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-2385

III. Intelligence Information for CVE-2016-2385

IV. Related Vulnerabilities

V. Comments for CVE-2016-2385

Leave a comment