VDB
CVE-2016-2385
CVE-2016-2385
PUBLISHED
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.
EPSS 22.50% · 96.0th percentile
Risk Scores
EPSS Score
22.50%
96.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | kamailio | 0, 4.3.1-2ubuntu1, 4.3.4-1.1ubuntu1 |
Exploit Intelligence
- DSA-3535 (circl)
- DSA-3537 (circl)
- 20160330 CVE-2016-2385 Kamailio SEAS module heap buffer overflow (circl)
- http://www.kamailio.org/pub/kamailio/4.3.5/ChangeLog (circl)
- http://packetstormsecurity.com/files/136477/Kamailio-4.3.4-Heap-Overflow.html (vulncheck-nvd)
- https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/ (vulncheck-nvd)
- https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643 (vulncheck-nvd)
- 39638 (cve.org)
- Kamailio 4.3.4 - Heap Based Buffer Overflow (0day-today)
- Kamailio 4.3.4 - Heap Based Buffer Overflow (0day-today)
Timeline
- Mar 30, 2016 PoC Published
- Apr 11, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jun 4, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-2385 third-party-advisory
- https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/02/15/4 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-2385 third-party-advisory
- https://ubuntu.com/security/notices/USN-7416-1 vendor-advisory