Attachment 193113 Details for Bug 227677 – VuXML update for buffer overflow in Kamailio

[patch] VuXML update for buffer overflow in Kamailio

vuln.xml.diff (text/plain), 1.29 KB, created by Ben Hood on 2018-05-06 20:40:49 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ben Hood

Created: 2018-05-06 20:40:49 UTC

Size: 1.29 KB

patch

obsolete

>diff --git security/vuxml/vuln.xml security/vuxml/vuln.xml
>index a8eba80d4b4e..03454d88ddcc 100644
>--- security/vuxml/vuln.xml
>+++ security/vuxml/vuln.xml
>@@ -145184,6 +145184,32 @@ misc.c:
>     </dates>
>   </vuln>
> 
>+  <vuln vid="5af6378b-bd88-4997-bccc-b9ba2daecdd2"
>+    <topic>kamailio - buffer overflow</topic>
>+    <affects>
>+      <package>
>+	<name>kamailio</name>
>+	<range><lt>5.1.2</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<p>A specially crafted REGISTER message with a malformed branch or 
>+           From tag triggers an off-by-one heap-based buffer overflow in the 
>+           tmx_check_pretran function in modules/tmx/tmx_pretran.c</p>
>+      </body>
>+    </description>
>+    <references>
>+      <cvename>CVE-2018-8828</cvename>
>+      <url>https://www.kamailio.org/w/2018/03/kamailio-security-announcement-tmx-lcr/</url>
>+      <url>https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow</url>
>+    </references>
>+    <dates>
>+      <discovery>2018-02-10</discovery>
>+      <entry>2018-05-06</entry>
>+    </dates>
>+  </vuln>
>+
>   <vuln vid="c6b9aee8-3071-11da-af18-000ae4641456">
>     <topic>phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution</topic>
>     <affects>

Actions: View | Diff

Attachments on bug 227677: 192708 | 192709 | 193069 | 193113