CVE-2016-2385

Published: 11/04/2016 Updated: 09/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) prior to 4.3.5 allows remote malicious users to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

Vulnerable Products

Debian Linux 8.0

Kamailio

Vendor Advisories

Debian Bug report logs - #815178 kamailio: CVE-2016-2385: SEAS Module Heap overflow. Package: src:kamailio; Maintainer for src:kamailio is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 19 Feb 2016 18:00:15 UTC; Severity: grave; Tags: fix ...
Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy which might result in the execution of arbitrary code. For the stable distribution (jessie), this problem has been fixed in version 4.2.0-2+deb8u1. For the testing distribution (stretch), this problem has been fixed in version 4.3.4-2. For the unstable distribution (sid), this p ...

Exploits

census ID: census-2016-0009; CVE ID: CVE-2016-2385; Affected Products: Kamailio 4.3.4 (and possibly previous versions); Class: Heap-based Buffer Overflow (CWE-122); Remote: Yes; Discovered by: Stelios Tsampas. Kamailio (successor of former OpenSER and SER) is an Open Source SIP Server released under GPL, able to handle thousands of call setups per second ...