[3.2] kamailio: SEAS Module Heap overflow (CVE-2016-2385)
A (remotely exploitable) heap overflow vulnerability was found in
Kamailio v4.3.4.
References:
https://marc.info/?l=oss-security&m=145555708207489&w=2
https://github.com/kamailio/kamailio/commits/4.2/modules/seas/encode\_msg.c
(kamailio 4.2.x)
Patch:
https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
4.2:
https://github.com/kamailio/kamailio/commit/bc4a545aa050dd36c982bf102464edbc14a88753
(from redmine: issue id 5351, created on 2016-03-30, closed on 2016-04-12)
- Relations:
- parent #5347 (closed)
- Changesets:
- Revision cca8048c on 2016-04-11T10:35:59Z:
main/kamailio: security fix (CVE-2016-2385). Fixes #5351