Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kamailio 代码问题漏洞
Vulnerability Description
Kamailio是德国FhG FOKUS研究所研发的一款开源基于GPL的SIP(Session Initiation Protocol,会话初始协议)服务器。 Kamailio 5.0.7之前版本和5.1.4之前的5.1.x版本中存在安全漏洞,该漏洞源于‘crcitt_string_array’函数和‘check_via_address’函数缺少输入验证。攻击者可借助带有无效Via包头的特制SIP消息利用该漏洞可能执行任意代码或造成拒绝服务(Kamailio崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A