[3.1] kamailio: SEAS Module Heap overflow (CVE-2016-2385)
A (remotely exploitable) heap overflow vulnerability was found in
Kamailio v4.3.4.
References:
https://marc.info/?l=oss-security&m=145555708207489&w=2
https://github.com/kamailio/kamailio/commits/4.2/modules/seas/encode\_msg.c
(kamailio 4.2.x)
Patch:
https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
4.2:
https://github.com/kamailio/kamailio/commit/bc4a545aa050dd36c982bf102464edbc14a88753
(from redmine: issue id 5352, created on 2016-03-30, closed on 2016-04-12)
- Relations:
- parent #5347 (closed)
- Changesets:
- Revision a9eea283 on 2016-04-11T10:44:39Z:
main/kamailio: upgrade to 4.2.7, security fix (CVE-2016-2385). Fixes #5352