Candidate: CVE-2018-8828
PublicDate: 2018-03-20 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8828
 https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
 https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
 https://ubuntu.com/security/notices/USN-4240-1
Description:
 A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x
 before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message
 with a malformed branch or From tag triggers an off-by-one heap-based
 buffer overflow in the tmx_check_pretran function in
 modules/tmx/tmx_pretran.c.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_kamailio:
upstream_kamailio: released (5.1.2-1)
precise/esm_kamailio: DNE
trusty_kamailio: ignored (reached end-of-life)
trusty/esm_kamailio: DNE (trusty was not-affected [code not present])
xenial_kamailio: released (4.3.4-1.1ubuntu2.1)
artful_kamailio: ignored (reached end-of-life)
bionic_kamailio: not-affected (5.1.2-1ubuntu2)
cosmic_kamailio: not-affected (5.1.2-1ubuntu2)
disco_kamailio: not-affected (5.1.2-1ubuntu2)
eoan_kamailio: not-affected (5.1.2-1ubuntu2)
devel_kamailio: not-affected (5.1.2-1ubuntu2)