VYPR
Critical severity9.8OSV Advisory· Published Sep 7, 2018· Updated Jun 17, 2026

CVE-2018-16657

CVE-2018-16657

Description

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Kamailio/KamailioOSV2 versions
    3.0_pre1, 5.0.0, 5.0.1, …+ 1 more
    • (no CPE)range: 3.0_pre1, 5.0.0, 5.0.1, …
    • (no CPE)range: <5.0.7, <5.1.4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.