vulnerability
Ubuntu: USN-7416-1 (CVE-2016-2385): Kamailio vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 11, 2016 | Apr 7, 2025 | Aug 18, 2025 |
Description
Stelios Tsampas discovered that Kamailio did not correctly handle certain
memory operations, which could lead to a buffer overflow. A remote attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2385)
Henning Westerholt discovered that Kamailio did not correctly handle
duplicated headers, which could lead to a segmentation fault. A remote
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2018-14767)
It was discovered that Kamailio did not correctly handle parsing certain
headers containing whitespace characters. An authenticated attacker could
possibly use this issue to gain access to unauthorized resources and
expose sensitive information. This issue only affected Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2020-28361)
Solution
References
- CVE-2016-2385
- https://attackerkb.com/topics/CVE-2016-2385
- CWE-119
- UBUNTU-USN-7416-1
- URL-http://www.openwall.com/lists/oss-security/2016/02/15/4
- URL-https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
- URL-https://ubuntu.com/security/notices/USN-7416-1
- URL-https://www.cve.org/CVERecord?id=CVE-2016-2385
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.