CNNVD-202510-3656 Information

CNNVD ID

CNNVD-202510-3656

CVE-2025-12204

  • CNNVD Published: 2025-10-27

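Description (translated from Chinese)

Kamailio is an open-source implementation of a SIP signaling server from Kamailio. Kamailio version 5.5 contains a buffer error vulnerability. The vulnerability stems from a heap buffer overflow in the function rve_destroy in the file src/core/rvalue.c of the component Configuration File Handler, and may lead to a local attack.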

Description (English)

Kamailio is an open-source SIP signaling server. Kamailio 5.5 contains a buffer error vulnerability caused by a heap buffer overflow in the function rve_destroy in src/core/rvalue.c, part of the Configuration File Handler component, which could lead to local attacks.

Hazard Level

Medium

Vulnerability Type

Buffer Error

Affected Vendor

Kamailio

Published

2025-10-27

Last Modified

2026-02-24

References

  • https://vuldb.com/?id.329874
  • https://vuldb.com/?ctiid.329874
  • https://vuldb.com/?submit.673224
  • http://www.openwall.com/lists/oss-security/2025/10/27/12
  • http://www.openwall.com/lists/oss-security/2025/10/28/1
  • https://www.openwall.com/lists/oss-security/2025/10/27/8
  • https://www.openwall.com/lists/oss-security/2025/11/02/3
  • https://shimo.im/docs/loqeMWMyZGtpEYqn/
  • https://access.redhat.com/security/cve/cve-2025-12204

Patch

https://www.kamailio.org/w/download/
