Candidate: CVE-2018-16657
PublicDate: 2018-09-07 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16657
 https://skalatan.de/blog/advisory-hw-2018-06
 https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master)
 https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d (5.1)
 https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159 (5.0)
Description:
 In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with
 an invalid Via header causes a segmentation fault and crashes Kamailio. The
 reason is missing input validation in the crcitt_string_array core function
 for calculating a CRC hash for To tags. (An additional error is present in
 the check_via_address core function: this function also misses input
 validation.) This could result in denial of service and potentially the
 execution of arbitrary code.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908324
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_kamailio:
upstream_kamailio: released (5.1.4-1)
precise/esm_kamailio: DNE
trusty_kamailio: ignored (reached end-of-life)
trusty/esm_kamailio: DNE (trusty was needs-triage)
xenial_kamailio: ignored (end of standard support, was needed)
bionic_kamailio: needed
cosmic_kamailio: ignored (reached end-of-life)
disco_kamailio: not-affected (5.2.1-1)
eoan_kamailio: not-affected (5.2.3-1)
focal_kamailio: not-affected (5.2.3-1)
groovy_kamailio: not-affected (5.2.3-1)
hirsute_kamailio: not-affected (5.2.3-1)
impish_kamailio: not-affected (5.2.3-1)
jammy_kamailio: not-affected (5.2.3-1)
devel_kamailio: not-affected (5.2.3-1)