VYPR
Critical severity9.8OSV Advisory· Published Jul 31, 2018· Updated Jun 17, 2026

CVE-2018-14767

CVE-2018-14767

Description

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Kamailio/KamailioOSV2 versions
    3.0_pre1, 5.0.0, 5.0.1, …+ 1 more
    • (no CPE)range: 3.0_pre1, 5.0.0, 5.0.1, …
    • (no CPE)range: <5.0.7, <5.1.4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.

CVE-2018-14767 · Critical · VYPR