SecuritySpace - CVE-2018-16657

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-16657

Description: In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.

Test IDs: 1.3.6.1.4.1.25623.1.0.704292 1.3.6.1.4.1.25623.1.0.891503

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-16657
Debian Security Information: DSA-4292 (Google Search)
https://www.debian.org/security/2018/dsa-4292
https://skalatan.de/blog/advisory-hw-2018-06
https://lists.debian.org/debian-lts-announce/2018/09/msg00013.html

CVE ID:	CVE-2018-16657
Description:	In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.
Test IDs:	1.3.6.1.4.1.25623.1.0.704292 1.3.6.1.4.1.25623.1.0.891503
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16657 Debian Security Information: DSA-4292 (Google Search) https://www.debian.org/security/2018/dsa-4292 https://skalatan.de/blog/advisory-hw-2018-06 https://lists.debian.org/debian-lts-announce/2018/09/msg00013.html