{"id":"CVE-2018-16657","details":"In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.","modified":"2026-04-10T04:06:49.018911Z","published":"2018-09-07T14:29:03.397Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00013.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4292"},{"type":"FIX","url":"https://skalatan.de/blog/advisory-hw-2018-06"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kamailio/kamailio","events":[{"introduced":"0"},{"fixed":"743c2d71beda536be3dd3b07b0f9b1d4b7e42743"},{"introduced":"28011aa9fdca7012103506d9a437c8e44dc8963c"},{"fixed":"b7547543f64511ca7103f21e24c839127b01a3f4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.0.7"},{"introduced":"5.1.0"},{"fixed":"5.1.4"}]}}],"versions":["3.0_pre1","5.0.0","5.0.1","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.1.0","5.1.1","5.1.2","5.1.3","after_0_9_4_pkg_merge","after_makefile_merges","after_testing_0_8_12_r0_merge","after_testing_0_8_12_r1_merge","after_xl","before_db_api_changes","before_dest_info_changes_2","before_kill_repl_add_rm","before_lumps_split","before_malloc_changes","before_new_timers","before_replication_patch","before_socket_info_lists","before_str2ip_changes","before_tcp_port_aliases","before_testing_0_8_12_r0_merge","before_testing_0_8_12_r1_merge","before_tm_timers","before_xl","bflmpsvz","bigbang","bogdan_final_version","budvar","fixstats","gpled","ipv4_working","ipv6","last_merge_to_janakj","listen_ifs","mem-fixes","myself_port_lo","new_cfg_compiles","new_hash","new_timers","old_mod_iface","post-zt","pre-bigbang","pre-zt","pre22","pre6-tcp4","pre6-tcp5-tm","pre_fixstats","pregpl","rel_0_8_11_root","rel_0_9_0_root","ser_0-8-6-4","ser_081-plugins","ser_082","ser_0839_errors","ser_0_7","ser_0_8_10","ser_0_8_10_pre2","ser_0_8_10_pre3","ser_0_8_10_pre4","ser_0_8_10_pre5","ser_0_8_3_1","ser_0_8_3_2","ser_0_8_6-5-stable","ser_0_8_6-6-beer-release","ser_0_8_7-0-unstable","ser_0_8_8-final-cd-release","ser_0_8_9","ser_0_8_9-release","sip_083","sip_pre-plugin","sr_3.1_freeze","sr_before_modules_merge","sr_simpleconfig","srv","tcp2","testing_0_8_12_root","tmp_pcl_tag_17368Js8","v03","v0_2","v0_8_11_pre9","v0_8_11dev34","v0_8_11pre29","v0_8_11pre29-prerelease","v0_8_11pre29-prerelease-cd","v0_8_11pre8","v0_8_12_t02_merged_w_v0_8_11pre35","v0_8_12dev-t03","v0_8_12dev_t05","v0_8_12dev_t13","v0_8_13dev-t16","v0_8_8","wo_sp"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16657.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}