FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-2385

This CVE name corresponds to:

Entered Topic
2016-03-19 kamailio -- SEAS Module Heap overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2016-2385 at cve.mitre.org

Details

Type Candidate
Name CVE-2016-2385
Phase Assigned(20160215)

Description

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

References

Source Reference
BUGTRAQ 20160330 CVE-2016-2385 Kamailio SEAS module heap buffer overflow
EXPLOIT-DB 39638
MISC http://packetstormsecurity.com/files/136477/Kamailio-4.3.4-Heap-Overflow.html
MISC https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
CONFIRM http://www.kamailio.org/pub/kamailio/4.3.5/ChangeLog
CONFIRM https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
DEBIAN DSA-3535
DEBIAN DSA-3537

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.