CVE-2018-8828

NameCVE-2018-8828
DescriptionA Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-4148-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kamailio (PTS)bullseye5.4.4-1fixed
bookworm5.6.3-2fixed
sid, trixie5.8.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kamailiosourcejessie4.2.0-2+deb8u3DSA-4148-1
kamailiosourcestretch4.4.4-2+deb9u1DSA-4148-1
kamailiosource(unstable)5.1.2-1

Notes

https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
Search for package or bug name: Reporting problems