CNNVD-202510-3655 Information
CNNVD ID
CNNVD-202510-3655
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
Kamailio是Kamailio开源的一个 SIP 信令服务器的开源实现。 Kamailio 5.5版本存在资源管理错误漏洞,该漏洞源于文件src/core/cfg.lex中函数sr_push_yy_state存在释放后重用问题。
Description (English)
Kamailio is an open source for a SIP message server in Kamailio. There is a resource management error gap in version 5.5 of Kamailio, which stems from post-release reuse problems in the document src/core/cfg.lex function sr push yy state.
Hazard Level
Medium
Vulnerability Type
资源管理错误
Affected Vendor
Kamailio
Published
2025-10-27
Last Modified
2026-02-24
References
https://shimo.im/docs/ZzkLMVMLOzIRlpAQ/ https://vuldb.com/?id.329875 http://www.openwall.com/lists/oss-security/2025/10/27/8 https://vuldb.com/?ctiid.329875 https://vuldb.com/?submit.673225 http://www.openwall.com/lists/oss-security/2025/10/27/12 https://www.openwall.com/lists/oss-security/2025/10/27/8 https://www.openwall.com/lists/oss-security/2025/11/02/3 https://access.redhat.com/security/cve/cve-2025-12205
Patch
https://www.kamailio.org/w/download/
Share on: