Vulnerability Details : CVE-2018-8828
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2018-8828
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:kamailio:kamailio:*:*:*:*:*:*:*:*
- cpe:2.3:a:kamailio:kamailio:*:*:*:*:*:*:*:*
- cpe:2.3:a:kamailio:kamailio:*:*:*:*:*:*:*:*
Threat overview for CVE-2018-8828
Top countries where our scanners detected CVE-2018-8828
Top open port discovered on systems with this issue
5060
IPs affected by CVE-2018-8828 156
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2018-8828!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2018-8828
13.95%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8828
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-8828
-
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.Assigned by: nvd@nist.gov (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8828
-
https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
tmx: allocate space to store ending 0 for branch value · kamailio/kamailio@e1d8008 · GitHubPatch;Third Party Advisory
-
https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
advisories/ES2018-05-kamailio-heap-overflow at master · EnableSecurity/advisories · GitHubThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4148
Debian -- Security Information -- DSA-4148-1 kamailioThird Party Advisory
-
https://usn.ubuntu.com/4240-1/
USN-4240-1: Kamailio vulnerability | Ubuntu security notices
Jump to