Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kamailio 安全漏洞
Vulnerability Description
Kamailio是德国FhG FOKUS研究所研发的一款开源基于GPL的SIP(Session Initiation Protocol,会话初始协议)服务器。 Kamailio 5.0.7之前版本和5.1.4之前的5.1.x版本中存在安全漏洞。攻击者可借助带有两个‘To’的包头和一个空的‘To’标签的特制SIP消息利用该漏洞执行任意代码或造成拒绝服务(段错误和崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A