usn-7416-1
Vulnerability from osv_ubuntu
Stelios Tsampas discovered that Kamailio did not correctly handle certain memory operations, which could lead to a buffer overflow. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2385)
Henning Westerholt discovered that Kamailio did not correctly handle duplicated headers, which could lead to a segmentation fault. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14767)
It was discovered that Kamailio did not correctly handle parsing certain headers containing whitespace characters. An authenticated attacker could possibly use this issue to gain access to unauthorized resources and expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-28361)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-2385",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14767",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "kamailio",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-autheph-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-berkeley-bin",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-berkeley-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-carrierroute-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-cnxcc-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-cpl-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-dnssec-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-erlang-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-extra-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-geoip-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-ims-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-java-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-json-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-kazoo-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-ldap-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-lua-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-memcached-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-mono-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-mysql-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-outbound-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-perl-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-postgres-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-presence-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-purple-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-python-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-radius-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-redis-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-sctp-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-snmpstats-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-sqlite-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-tls-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-unixodbc-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-utils-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-websocket-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-xml-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
},
{
"binary_name": "kamailio-xmpp-modules",
"binary_version": "4.3.4-1.1ubuntu2.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "kamailio",
"purl": "pkg:deb/ubuntu/kamailio@4.3.4-1.1ubuntu2.1+esm2?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.4-1.1ubuntu2.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.1-2ubuntu1",
"4.3.4-1.1ubuntu1",
"4.3.4-1.1ubuntu2",
"4.3.4-1.1ubuntu2.1",
"4.3.4-1.1ubuntu2.1+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2018-14767",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-28361",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "kamailio",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-autheph-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-berkeley-bin",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-berkeley-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-carrierroute-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-cnxcc-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-cpl-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-erlang-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-extra-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-geoip-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-geoip2-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-ims-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-json-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-kazoo-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-ldap-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-lua-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-memcached-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-mongodb-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-mono-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-mysql-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-outbound-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-perl-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-phonenum-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-postgres-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-presence-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-python-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-rabbitmq-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-radius-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-redis-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-sctp-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-snmpstats-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-sqlite-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-systemd-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-tls-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-unixodbc-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-utils-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-websocket-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-xml-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
},
{
"binary_name": "kamailio-xmpp-modules",
"binary_version": "5.1.2-1ubuntu2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "kamailio",
"purl": "pkg:deb/ubuntu/kamailio@5.1.2-1ubuntu2+esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.2-1ubuntu2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.2-3ubuntu5",
"5.0.4-1ubuntu1",
"5.1.1-1ubuntu1",
"5.1.1-1ubuntu4",
"5.1.2-1ubuntu1",
"5.1.2-1ubuntu2",
"5.1.2-1ubuntu2+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-28361",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "kamailio",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-autheph-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-berkeley-bin",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-berkeley-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-cnxcc-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-cpl-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-erlang-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-extra-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-geoip-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-geoip2-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-ims-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-json-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-kazoo-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-ldap-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-lua-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-memcached-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-mongodb-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-mono-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-mysql-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-outbound-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-perl-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-phonenum-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-postgres-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-presence-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-python3-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-rabbitmq-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-radius-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-redis-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-ruby-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-sctp-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-snmpstats-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-sqlite-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-systemd-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-tls-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-unixodbc-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-utils-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-websocket-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-xml-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
},
{
"binary_name": "kamailio-xmpp-modules",
"binary_version": "5.3.2-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "kamailio",
"purl": "pkg:deb/ubuntu/kamailio@5.3.2-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.2-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.2.3-1build3",
"5.2.3-1build4",
"5.3.0-2",
"5.3.1-1",
"5.3.2-1build1",
"5.3.2-1build2",
"5.3.2-1build3",
"5.3.2-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "Stelios Tsampas discovered that Kamailio did not correctly handle certain\nmemory operations, which could lead to a buffer overflow. A remote attacker\ncould possibly use this issue to cause a denial of service or execute\narbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2385)\n\nHenning Westerholt discovered that Kamailio did not correctly handle\nduplicated headers, which could lead to a segmentation fault. A remote\nattacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS and\nUbuntu 18.04 LTS. (CVE-2018-14767)\n\nIt was discovered that Kamailio did not correctly handle parsing certain\nheaders containing whitespace characters. An authenticated attacker could\npossibly use this issue to gain access to unauthorized resources and\nexpose sensitive information. This issue only affected Ubuntu 18.04 LTS\nand Ubuntu 20.04 LTS. (CVE-2020-28361)\n",
"id": "USN-7416-1",
"modified": "2026-06-25T10:46:45Z",
"published": "2025-04-07T01:35:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7416-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2385"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-14767"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-28361"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "kamailio vulnerabilities",
"upstream": [
"UBUNTU-CVE-2016-2385",
"UBUNTU-CVE-2018-14767",
"UBUNTU-CVE-2020-28361"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.