projects / feed / telephony.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b60d329) | patch
kamailio-4.x: add fix for CVE-2018-14767 362/head
authorSebastian Kemper <sebastian_ml@gmx.net>
Mon, 6 Aug 2018 22:21:20 +0000 (00:21 +0200)
committerSebastian Kemper <sebastian_ml@gmx.net>
Mon, 6 Aug 2018 22:21:22 +0000 (00:21 +0200)
commitc48758551a8b4a56ed506920370618470af2ac08
tree430834ee3ff6e437d9b7a8e70d76c7d05583da12tree | snapshot
parentb60d32979aa1913bf37ae7c09e4773735f9f255fcommit | diff
kamailio-4.x: add fix for CVE-2018-14767

CVE-2018-14767: "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a
crafted SIP message with a double "To" header and an empty "To" tag
causes a segmentation fault and crash. The reason is missing input
validation in the "build_res_buf_from_sip_req" core function. This could
result in denial of service and potentially the execution of arbitrary
code."

Patch from upstream. Path to msg_translator.c amended.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
net/kamailio-4.x/Makefile diff | blob | history
net/kamailio-4.x/patches/130-CVE-2018-14767.patch [new file with mode: 0644] blob
Mirror of telephony feed