oss-sec mailing list archives
Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow
From: cve-assign () mitre org
Date: Mon, 15 Feb 2016 12:23:32 -0500 (EST)
a (remotely exploitable) heap overflow vulnerability was found in Kamailio v4.3.4. We have notified the developers and they have addressed this through commit: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
seas: safety check for target buffer size before copying message in encode_msg()
avoid buffer overflow for large SIP messages
modules/seas/encode_msg.c
Use CVE-2016-2385.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow Stelios Tsampas (Feb 15)
- Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow cve-assign (Feb 15)