Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kamailio kamailio vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-28361
Kamailio prior to 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 up to and including 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops modul...
Kamailio Kamailio
7.8
CVSSv3
CVE-2015-1590
The kamcmd administrative utility and default configuration in kamailio prior to 4.3.0 use /tmp/kamailio_ctl.
Kamailio Kamailio
7.8
CVSSv3
CVE-2015-1591
The kamailio build in kamailio prior to 4.2.0-2 process allows local users to gain privileges.
Kamailio Kamailio
9.8
CVSSv3
CVE-2020-27507
The Kamailio SIP prior to 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.
Kamailio Kamailio
9.8
CVSSv3
CVE-2013-7426
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.
Kamailio Kamailio 4.0.1-1
9.8
CVSSv3
CVE-2016-2385
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) prior to 4.3.5 allows remote malicious users to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a...
Debian Debian Linux 8.0
Kamailio Kamailio
1 EDB exploit
9.8
CVSSv3
CVE-2018-8828
A Buffer Overflow issue exists in Kamailio prior to 4.4.7, 5.0.x prior to 5.0.6, and 5.1.x prior to 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/t...
Kamailio Kamailio
Debian Debian Linux 9.0
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2018-16657
In Kamailio prior to 5.0.7 and 5.1.x prior to 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An addi...
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Kamailio Kamailio
9.8
CVSSv3
CVE-2018-14767
In Kamailio prior to 5.0.7 and 5.1.x prior to 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Kamailio Kamailio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started