projects / feed / telephony.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7fbb945) | patch
kamailio-5.x: add fix for CVE-2018-14767 361/head
authorSebastian Kemper <sebastian_ml@gmx.net>
Mon, 6 Aug 2018 21:28:41 +0000 (23:28 +0200)
committerSebastian Kemper <sebastian_ml@gmx.net>
Mon, 6 Aug 2018 21:28:43 +0000 (23:28 +0200)
commit4a0a578f4394ff9ebb255f5833b488df9a508b31
treef89ba3a090301f837c89b7f1fc365f08b3d42b8ftree | snapshot
parent7fbb94503fd29059ca5497f4892e1558a370370fcommit | diff
kamailio-5.x: add fix for CVE-2018-14767

CVE-2018-14767: "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a
crafted SIP message with a double "To" header and an empty "To" tag
causes a segmentation fault and crash. The reason is missing input
validation in the "build_res_buf_from_sip_req" core function. This could
result in denial of service and potentially the execution of arbitrary
code."

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
net/kamailio-5.x/Makefile diff | blob | history
net/kamailio-5.x/patches/140-CVE-2018-14767.patch [new file with mode: 0644] blob
Mirror of telephony feed