CVE-2020-28361

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28361

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28361.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-28361

Related

Published

2020-11-18T14:15:12Z

Modified

2025-01-14T08:43:21.296409Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the removehf function in the Kamailio textops module. Particular use of removehf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.

References

Affected packages

Debian:11 / kamailio

Package

Name: kamailio
Purl: pkg:deb/debian/kamailio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kamailio

Package

Name: kamailio
Purl: pkg:deb/debian/kamailio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kamailio

Package

Name: kamailio
Purl: pkg:deb/debian/kamailio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kamailio/kamailio

Affected ranges

Type: GIT
Repo: https://github.com/kamailio/kamailio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6c4fceb2ab6818678df16fa3df554392b0707572

Affected versions

3.*

3.0_pre1

Other

after_0_9_4_pkg_merge

after_makefile_merges

after_testing_0_8_12_r0_merge

after_testing_0_8_12_r1_merge

after_xl

before_db_api_changes

before_dest_info_changes_2

before_kill_repl_add_rm

before_lumps_split

before_malloc_changes

before_new_timers

before_pa

before_replication_patch

before_socket_info_lists

before_str2ip_changes

before_tcp_port_aliases

before_testing_0_8_12_r0_merge

before_testing_0_8_12_r1_merge

before_tm_timers

before_xl

bflmpsvz

bigbang

bogdan_final_version

budvar

fixstats

gpled

ipv4_working

ipv6

last_merge_to_janakj

listen_ifs

mem-fixes

myself_port_lo

new_cfg_compiles

new_hash

new_timers

old_mod_iface

orig

ported_ser_cvs_modules

post-zt

pre-bigbang

pre-zt

pre22

pre6-tcp4

pre6-tcp5-tm

pre_fixstats

pregpl

pure_ser_cvs_modules

rel_0_8_11_root

rel_0_9_0_root

ser_0-8-6-4

ser_081-plugins

ser_082

ser_0839_errors

ser_0_7

ser_0_8_10

ser_0_8_10_pre2

ser_0_8_10_pre3

ser_0_8_10_pre4

ser_0_8_10_pre5

ser_0_8_3_1

ser_0_8_3_2

ser_0_8_6-5-stable

ser_0_8_6-6-beer-release

ser_0_8_7-0-unstable

ser_0_8_8-final-cd-release

ser_0_8_9

ser_0_8_9-release

sip_083

sip_pre-plugin

sr_before_modules_merge

sr_simpleconfig

srv

tcp2

testing_0_8_12_root

tmp_pcl_tag_17368Js8

v03

v0_2

v0_8_11_pre9

v0_8_11dev34

v0_8_11pre29

v0_8_11pre29-prerelease

v0_8_11pre29-prerelease-cd

v0_8_11pre8

v0_8_12_t02_merged_w_v0_8_11pre35

v0_8_12dev-t03

v0_8_12dev_t05

v0_8_12dev_t13

v0_8_13dev-t16

v0_8_8

voicemail_0_1_0

wo_sp

sr_3.*

sr_3.1_freeze