Candidate: CVE-2016-2385
PublicDate: 2016-04-11 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2385
 https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
 http://www.openwall.com/lists/oss-security/2016/02/15/4
Description:
 Heap-based buffer overflow in the encode_msg function in encode_msg.c in
 the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows
 remote attackers to cause a denial of service (memory corruption and
 process crash) or possibly execute arbitrary code via a large SIP packet.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_kamailio:
upstream_kamailio: released (4.4.0-1)
precise_kamailio: DNE
precise/esm_kamailio: DNE
trusty_kamailio: ignored (reached end-of-life)
trusty/esm_kamailio: DNE (trusty was needed)
vivid/stable-phone-overlay_kamailio: DNE
vivid/ubuntu-core_kamailio: DNE
wily_kamailio: ignored (reached end-of-life)
xenial_kamailio: ignored (end of standard support, was needed)
yakkety_kamailio: ignored (reached end-of-life)
zesty_kamailio: ignored (reached end-of-life)
artful_kamailio: ignored (reached end-of-life)
bionic_kamailio: not-affected (4.4.0-1)
cosmic_kamailio: not-affected (4.4.0-1)
disco_kamailio: not-affected (4.4.0-1)
eoan_kamailio: not-affected (4.4.0-1)
focal_kamailio: not-affected (4.4.0-1)
groovy_kamailio: not-affected (4.4.0-1)
hirsute_kamailio: not-affected (4.4.0-1)
impish_kamailio: not-affected (4.4.0-1)
jammy_kamailio: not-affected (4.4.0-1)
devel_kamailio: not-affected (4.4.0-1)