CNNVD-202510-3654 Information
CNNVD ID
CNNVD-202510-3654
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
Kamailio是Kamailio开源的一个 SIP 信令服务器的开源实现。 Kamailio 5.5版本存在代码问题漏洞,该漏洞源于文件src/core/rvalue.c中的函数rve_is_constant存在空指针取消引用,可能导致本地攻击。
Description (English)
Kamailio is an open source for a SIP message server in Kamailio. There is a code problem loophole in version 5.5 of Kamailio, which stems from the existence of an empty pointer unreferenced in the document src/core/rvalue.c, which could lead to local attacks.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Kamailio
Published
2025-10-27
Last Modified
2026-02-24
References
https://shimo.im/docs/aBAYMVMB2jUP9jAj/ https://vuldb.com/?submit.673240 http://www.openwall.com/lists/oss-security/2025/10/27/8 http://www.openwall.com/lists/oss-security/2025/10/27/12 https://www.openwall.com/lists/oss-security/2025/10/27/8 https://www.openwall.com/lists/oss-security/2025/11/02/3 https://vuldb.com/?ctiid.329876 https://vuldb.com/?id.329876 https://access.redhat.com/security/cve/cve-2025-12206
Patch
https://www.kamailio.org/w/download/
Share on: