Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> a (remotely exploitable) heap overflow vulnerability was found in
> Kamailio v4.3.4. We have notified the developers and they have addressed
> this through commit:
> https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643

> > seas: safety check for target buffer size before copying message in encode_msg()

> > avoid buffer overflow for large SIP messages

> > modules/seas/encode_msg.c

Use CVE-2016-2385.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWwghNAAoJEL54rhJi8gl5cv4P/RRMA3ZoAj5Yju7JaOUObi6l
kUmdSs/qqg4N2oz4YXmSvZOkZTFPOsDNuFNaho7wslnd654mCWCC8yvIWOlnBOhK
tC9al/blgwVIUpPk2RwR+5H1V5iIyYRL6V7kZ/SKlpemBevSvLgIf7xvHjgCcvzU
D0qmlWcaRT7wlhrWWD6Zyxez1dMTBzuvYZBfpz4xdYVrppSdOCPbsMdH2+IzChyd
8q/MwVgdPE+9FG+UZe0qqDy7zASNsFR5kCo/A6mMjdl5XfAHTt+ANn40XtKRkawd
8i2Ob8x7tyjv2yhCAa1L/FO5eqQzTR0UcSB9toLJjSNXNqDZvWPVzh/bsW32amr1
+GGqEvv1haFyKT6jOHN5t9xQoyEEb5LstadBrRTLU6h8EDIWza1zAG/PVBPyF2pb
i1O/3NwEu7T7bdVV8y0SbqlgPtan7PxxKI4i8Q9HUdh5tnnd923DLI2IZB+lVkZe
rrSPBiBdA/biCUJkxe6nlA4LOZpbjhiTrttWG1xpSPDpPgu3HwSVvN8/meIPnNjH
6N3oxg/ZmbK5CI0RXEQ6zzoseIxiTZJdkJG5rcUxVdcs8UNMErNw7/9EumJAHdUW
EnPKqSHYFxFC7oGURwTsw0M/NgD8WFIvWj6b7qhS5ITFyhrgwytJGcp/aLK+csJt
WhelUxp3alZJF+dIhKKy
=Il5r
-----END PGP SIGNATURE-----