Vulnerability Description
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kamailio | Kamailio | < 4.4.7 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heapThird Party Advisory
- https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfecPatchThird Party Advisory
- https://usn.ubuntu.com/4240-1/
- https://www.debian.org/security/2018/dsa-4148Third Party Advisory
- https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heapThird Party Advisory
- https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfecPatchThird Party Advisory
- https://usn.ubuntu.com/4240-1/
- https://www.debian.org/security/2018/dsa-4148Third Party Advisory
FAQ
What is CVE-2018-8828?
CVE-2018-8828 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by...
How severe is CVE-2018-8828?
CVE-2018-8828 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-8828?
Check the references section above for vendor advisories and patch information. Affected products include: Kamailio Kamailio, Debian Debian Linux.