CVE-2020-27507
PUBLISHED
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and an overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact.
EPSS 0.41% · 61.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | kamailio | 0, 5.2.3-1build3, 5.2.3-1build4 |
| Ubuntu:Pro:18.04:LTS | kamailio | 5.0.4-1ubuntu1, 5.1.1-1ubuntu1, 5.1.1-1ubuntu4 |
| Ubuntu:Pro:16.04:LTS | kamailio | 4.3.1-2ubuntu1, 4.3.4-1.1ubuntu1, 4.3.4-1.1ubuntu2 |
Timeline
- Mar 15, 2023 CVE Published
- Mar 16, 2023 EPSS Score
- Apr 24, 2023 EPSS Score
- Jun 1, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 18, 2023 EPSS Score
- Sep 25, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Dec 12, 2023 EPSS Score
- Jan 19, 2024 EPSS Score
- Feb 27, 2024 EPSS Score
- Apr 6, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27507 third-party-advisory
- https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f third-party-advisory
- https://github.com/kamailio/kamailio/issues/2503 third-party-advisory
- https://ubuntu.com/security/notices/USN-6022-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27507 third-party-advisory