CVE-2018-8828
- Source
- https://cve.org/CVERecord?id=CVE-2018-8828
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8828.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-8828
- Downstream
- Published
- 2018-03-20T20:29:00.350Z
- Modified
- 2026-04-11T14:11:09.874637Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmxcheckpretran function in modules/tmx/tmx_pretran.c.
- References
Affected packages
Git / github.com/kamailio/kamailio
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kamailio/kamailio
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "4.4.7" }, { "introduced": "5.0.0" }, { "fixed": "5.0.6" }, { "introduced": "5.1.0" }, { "fixed": "5.1.2" } ] }
Affected versions
3.*
3.0_pre1
4.*
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
Other
after_0_9_4_pkg_merge
after_makefile_merges
after_testing_0_8_12_r0_merge
after_testing_0_8_12_r1_merge
after_xl
before_db_api_changes
before_dest_info_changes_2
before_kill_repl_add_rm
before_lumps_split
before_malloc_changes
before_new_timers
before_replication_patch
before_socket_info_lists
before_str2ip_changes
before_tcp_port_aliases
before_testing_0_8_12_r0_merge
before_testing_0_8_12_r1_merge
before_tm_timers
before_xl
bflmpsvz
bigbang
bogdan_final_version
budvar
fixstats
gpled
ipv4_working
ipv6
last_merge_to_janakj
listen_ifs
mem-fixes
myself_port_lo
new_cfg_compiles
new_hash
new_timers
old_mod_iface
post-zt
pre-bigbang
pre-zt
pre22
pre6-tcp4
pre6-tcp5-tm
pre_fixstats
pregpl
rel_0_8_11_root
rel_0_9_0_root
ser_0-8-6-4
ser_081-plugins
ser_082
ser_0839_errors
ser_0_7
ser_0_8_10
ser_0_8_10_pre2
ser_0_8_10_pre3
ser_0_8_10_pre4
ser_0_8_10_pre5
ser_0_8_3_1
ser_0_8_3_2
ser_0_8_6-5-stable
ser_0_8_6-6-beer-release
ser_0_8_7-0-unstable
ser_0_8_8-final-cd-release
ser_0_8_9
ser_0_8_9-release
sip_083
sip_pre-plugin
sr_before_modules_merge
sr_simpleconfig
srv
tcp2
testing_0_8_12_root
tmp_pcl_tag_17368Js8
v03
v0_2
v0_8_11_pre9
v0_8_11dev34
v0_8_11pre29
v0_8_11pre29-prerelease
v0_8_11pre29-prerelease-cd
v0_8_11pre8
v0_8_12_t02_merged_w_v0_8_11pre35
v0_8_12dev-t03
v0_8_12dev_t05
v0_8_12dev_t13
v0_8_13dev-t16
v0_8_8
wo_sp
sr_3.*
sr_3.1_freeze
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8828.json"
vanir_signatures_modified
"2026-04-11T14:11:09Z"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202312855581435197133371407321087176701",
"277043145890525527711492030391328171372",
"78360990353905610262814467092084753475",
"38820567475123698968890758151512420525"
]
},
"id": "CVE-2018-8828-96b9e290",
"deprecated": false,
"target": {
"file": "src/modules/tmx/tmx_pretran.c"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097",
"digest": {
"function_hash": "294881891307122545872262304880529037414",
"length": 5848.0
},
"id": "CVE-2018-8828-da97b9af",
"deprecated": false,
"target": {
"file": "src/modules/tmx/tmx_pretran.c",
"function": "tmx_check_pretran"
}
}
]