CNNVD-202510-3653 Information
CNNVD ID
CNNVD-202510-3653
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
Kamailio是Kamailio开源的一个 SIP 信令服务器的开源实现。 Kamailio 5.5版本存在代码问题漏洞,该漏洞源于文件src/core/cfg.y中函数yyerror_at存在空指针取消引用,可能导致本地攻击。
Description (English)
Kamailio is an open source for a SIP message server in Kamailio. There is a code problem loophole in version 5.5 of Kamailio, which stems from the availability of an empty pointer unreferenced in the document src/core/cfg.y, which could lead to local attacks.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Kamailio
Published
2025-10-27
Last Modified
2026-02-24
References
https://vuldb.com/?submit.673241 http://www.openwall.com/lists/oss-security/2025/10/27/8 http://www.openwall.com/lists/oss-security/2025/10/27/12 https://www.openwall.com/lists/oss-security/2025/10/27/8 https://vuldb.com/?ctiid.329877 https://www.openwall.com/lists/oss-security/2025/11/02/3 https://vuldb.com/?id.329877 https://shimo.im/docs/vVqRMVMlrycMO63y https://shimo.im/docs/vVqRMVMlrycMO63y/ https://access.redhat.com/security/cve/cve-2025-12207
Patch
https://www.kamailio.org/w/download/
Share on: