Kamailio
Kamailio versions prior to 6.0.5 and 5.8.7 contain an out-of-bounds read in the auth module that allows remote attackers with high privileges to trigger a denial of service via a specially crafted SIP packet when successful user authentication without a database backend is followed by additional identity checks. The vulnerability requires high privilege level and high attack complexity but can reliably crash the Kamailio process, impacting SIP service availability.
Out-of-bounds memory access in Kamailio SIP server versions before 5.8.8, 6.0.6, and 6.1.1 enables unauthenticated remote attackers to crash server processes via malformed TCP packets. The flaw affects deployments with TCP or TLS listeners enabled: it is reachable over network-accessible SIP signaling infrastructure without authentication or user interaction, and results in complete service unavailability. No public exploit had been identified at the time of analysis.
Null pointer dereference in Kamailio 5.5.0's grammar rule handler (src/core/cfg.y, yyerror_at function) causes denial of service when processing malformed configuration files. Local authenticated attackers can trigger the vulnerability by manipulating config files, resulting in application crash. Publicly available exploit code exists, but exploitation requires local access and config file manipulation, limiting real-world attack surface. EPSS score of 0.03% indicates minimal exploitation probability despite disclosed POC.
Kamailio 5.5.0 suffers a null pointer dereference in the rve_is_constant function (src/core/rvalue.c) triggered by manipulation of local configuration files, resulting in denial of service. The attack requires local access with low privileges and produces only availability impact. Publicly available exploit code exists, but active exploitation has not been confirmed by CISA KEV, and the vulnerability's genuine existence remains disputed by the original reporter. Real-world risk is minimal given the low EPSS score (0.03%), requirement for config file manipulation, and minimal impact surface.
Use-after-free vulnerability in Kamailio 5.5.0 configuration file parser allows local authenticated attackers to cause denial of service or memory corruption via malformed configuration files. The vulnerability exists in the sr_push_yy_state function within the lexical analyzer (cfg.lex) and has publicly available exploit code, though the vendor has not responded to disclosure and practical exploitability remains uncertain due to the requirement for direct configuration file manipulation.
Heap-based buffer overflow in Kamailio 5.5.0's rve_destroy function allows local authenticated attackers to cause limited data corruption through manipulation of configuration files. Publicly available exploit code exists, but real-world risk is extremely low given the local access requirement, the authenticated privilege level, and acknowledged uncertainty about whether the vulnerability genuinely exists.