CVE-2018-16657

Priority
Description
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with
an invalid Via header causes a segmentation fault and crashes Kamailio. The
reason is missing input validation in the crcitt_string_array core function
for calculating a CRC hash for To tags. (An additional error is present in
the check_via_address core function: this function also misses input
validation.) This could result in denial of service and potentially the
execution of arbitrary code.
Notes
Package
Upstream: released (5.1.4-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.10 (Eoan Ermine): not-affected (5.2.3-1)
Ubuntu 20.04 (Focal Fossa): not-affected (5.2.3-1)
More Information

Updated: 2020-03-18 21:31:14 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)