VDB
CVE-2018-14767
CVE-2018-14767
PUBLISHED
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.
EPSS 2.75% · 86.2th percentile
Risk Scores
EPSS Score
2.75%
86.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | kamailio | 0, 4.4.2-3ubuntu5, 5.1.1-1ubuntu1 |
| Ubuntu:Pro:16.04:LTS | kamailio | 0, 4.3.4-1.1ubuntu1, 4.3.4-1.1ubuntu2 |
Timeline
- Jul 31, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-14767 third-party-advisory
- https://skalatan.de/blog/advisory-hw-2018-05 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-14767 third-party-advisory
- https://ubuntu.com/security/notices/USN-7416-1 vendor-advisory