Kamailio
Products
1- 15 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16657 | Cri | 0.64 | 9.8 | 0.04 | Sep 7, 2018 | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An… | ||
| CVE-2013-7426 | Cri | 0.64 | 9.8 | 0.02 | Aug 29, 2017 | Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||
| CVE-2016-2385 | Cri | 0.62 | 9.8 | 0.31 | Apr 11, 2016 | Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large… | ||
| CVE-2018-14767 | Cri | 0.59 | 9.8 | 0.29 | Jul 31, 2018 | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of… | ||
| CVE-2015-1591 | Hig | 0.51 | 7.8 | 0.00 | Jun 27, 2017 | The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. | ||
| CVE-2015-1590 | Hig | 0.44 | 7.8 | 0.00 | Sep 7, 2017 | The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. | ||
| CVE-2026-39863 | Hig | 0.42 | 7.5 | 0.00 | Apr 8, 2026 | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data… | ||
| CVE-2025-12205 | Med | 0.34 | 5.3 | 0.00 | Oct 27, 2025 | A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The… | ||
| CVE-2025-12204 | Med | 0.34 | 5.3 | 0.00 | Oct 27, 2025 | A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit… | ||
| CVE-2026-39864 | Med | 0.22 | 4.4 | 0.00 | Apr 8, 2026 | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet… | ||
| CVE-2025-12207 | Low | 0.21 | 3.3 | 0.00 | Oct 27, 2025 | A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to… | ||
| CVE-2025-12206 | Low | 0.21 | 3.3 | 0.00 | Oct 27, 2025 | A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still… | ||
| CVE-2018-8828 | Cri | 0.03 | 9.8 | 0.31 | Mar 20, 2018 | A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in… | ||
| CVE-2020-27507 | 0.00 | — | 0.01 | Mar 15, 2023 | The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. | |||
| CVE-2020-28361 | 0.00 | — | 0.01 | Nov 18, 2020 | Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular… |
- risk 0.64cvss 9.8epss 0.04
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An…
- risk 0.64cvss 9.8epss 0.02
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.
- risk 0.62cvss 9.8epss 0.31
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large…
- risk 0.59cvss 9.8epss 0.29
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of…
- risk 0.51cvss 7.8epss 0.00
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.
- risk 0.44cvss 7.8epss 0.00
The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.
- risk 0.42cvss 7.5epss 0.00
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The…
- risk 0.34cvss 5.3epss 0.00
A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit…
- risk 0.22cvss 4.4epss 0.00
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet…
- risk 0.21cvss 3.3epss 0.00
A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to…
- risk 0.21cvss 3.3epss 0.00
A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still…
- risk 0.03cvss 9.8epss 0.31
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in…
- CVE-2020-27507Mar 15, 2023risk 0.00cvss —epss 0.01
The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.
- CVE-2020-28361Nov 18, 2020risk 0.00cvss —epss 0.01
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular…