Kamailio: off-by-one heap overflow
Published on Mar 19, 2018 in CVE-2018-8828, kamailio, heap overflow, denial of service, security advisory
- Authors:
  - Alfred Farrugia alfred@enablesecurity.com
  - Sandro Gauci sandro@enablesecurity.com
- Fixed versions: Kamailio v5.1.2, v5.0.6 and v4.4.7
- References: CVE-2018-8828
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2018-05-kamailio-heap-overflow/
- Kamailio Security Advisory: https://www.kamailio.org/w/2018/03/kamailio-security-announcement-tmx-lcr/
- Tested vulnerable versions: 5.1.1, 5.1.0, 5.0.0
- Timeline:
  - Report date: 2018-02-10
  - Kamailio confirmed issue: 2018-02-10
  - Kamailio patch: 2018-02-10
  - Kamailio release with patch: 2018-03-01
  - Enable Security advisory: 2018-03-19
Description
A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap overflow.
Impact
Abuse of this vulnerability leads to denial of service in Kamailio. Further research may show that exploitation leads to remote code execution.
Asterisk PJSIP: heap overflow in CSeq header parsing
Published on May 23, 2017 in CVE-2017-9372, asterisk, pjsip, heap overflow, security advisory
- Authors:
  - Alfred Farrugia alfred@enablesecurity.com
  - Sandro Gauci sandro@enablesecurity.com
- Vulnerable version: Asterisk 14.4.0 running chan_pjsip, PJSIP 2.6
- References: AST-2017-002, CVE-2017-9372
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2017-01-asterisk-pjsip-cseq-overflow/
- Vendor Advisory: http://downloads.asterisk.org/pub/security/AST-2017-002.html
- Timeline:
  - Report date: 2017-04-12
  - Digium confirmed issue: 2017-04-12
  - Digium patch and advisory: 2017-05-19
  - PJSIP added patch by Digium: 2017-05-21
  - Enable Security advisory: 2017-05-23
Description
A specially crafted SIP message with an overly long CSeq header value causes a heap overflow in PJSIP.
Impact
Abuse of this vulnerability leads to denial of service in Asterisk when chan_pjsip is in use. This vulnerability is likely to be abused for remote code execution and may affect other code that makes use of PJSIP.