Date: Mon, 15 Feb 2016 12:23:32 -0500 (EST)
From: cve-assign@...re.org
To: stelios@...sus-labs.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, miconda@...il.com, oriolc@...tele.com, jesusr@...tele.com
Subject: Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow


> a (remotely exploitable) heap overflow vulnerability was found in
> Kamailio v4.3.4. We have notified the developers and they have addressed
> this through commit:
> https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643

>> seas: safety check for target buffer size before copying message in encode_msg()

>> avoid buffer overflow for large SIP messages

>> modules/seas/encode_msg.c

Use CVE-2016-2385.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]