CVE-2016-2385

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-2385

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2385.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-2385

Related

Published

2016-04-11T15:59:05Z

Modified

2025-01-15T00:59:37.643606Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Heap-based buffer overflow in the encodemsg function in encodemsg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

References

Affected packages

Debian:11 / kamailio

Package

Name: kamailio
Purl: pkg:deb/debian/kamailio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kamailio

Package

Name: kamailio
Purl: pkg:deb/debian/kamailio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kamailio

Package

Name: kamailio
Purl: pkg:deb/debian/kamailio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kamailio/kamailio

Affected ranges

Type: GIT
Repo: https://github.com/kamailio/kamailio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f50c9c853e7809810099c970780c30b0765b0643

Fixed

f50c9c853e7809810099c970780c30b0765b0643

Affected versions

3.*

3.0_pre1

Other

after_0_9_4_pkg_merge

after_makefile_merges

after_testing_0_8_12_r0_merge

after_testing_0_8_12_r1_merge

after_xl

before_db_api_changes

before_dest_info_changes_2

before_kill_repl_add_rm

before_lumps_split

before_malloc_changes

before_new_timers

before_pa

before_replication_patch

before_socket_info_lists

before_str2ip_changes

before_tcp_port_aliases

before_testing_0_8_12_r0_merge

before_testing_0_8_12_r1_merge

before_tm_timers

before_xl

bflmpsvz

bigbang

bogdan_final_version

budvar

fixstats

gpled

ipv4_working

ipv6

last_merge_to_janakj

listen_ifs

mem-fixes

myself_port_lo

new_cfg_compiles

new_hash

new_timers

old_mod_iface

orig

ported_ser_cvs_modules

post-zt

pre-bigbang

pre-zt

pre22

pre6-tcp4

pre6-tcp5-tm

pre_fixstats

pregpl

pure_ser_cvs_modules

rel_0_8_11_root

rel_0_9_0_root

ser_0-8-6-4

ser_081-plugins

ser_082

ser_0839_errors

ser_0_7

ser_0_8_10

ser_0_8_10_pre2

ser_0_8_10_pre3

ser_0_8_10_pre4

ser_0_8_10_pre5

ser_0_8_3_1

ser_0_8_3_2

ser_0_8_6-5-stable

ser_0_8_6-6-beer-release

ser_0_8_7-0-unstable

ser_0_8_8-final-cd-release

ser_0_8_9

ser_0_8_9-release

sip_083

sip_pre-plugin

sr_before_modules_merge

sr_simpleconfig

srv

tcp2

testing_0_8_12_root

tmp_pcl_tag_17368Js8

v03

v0_2

v0_8_11_pre9

v0_8_11dev34

v0_8_11pre29

v0_8_11pre29-prerelease

v0_8_11pre29-prerelease-cd

v0_8_11pre8

v0_8_12_t02_merged_w_v0_8_11pre35

v0_8_12dev-t03

v0_8_12dev_t05

v0_8_12dev_t13

v0_8_13dev-t16

v0_8_8

voicemail_0_1_0

wo_sp

sr_3.*

sr_3.1_freeze