{"id":"CVE-2026-39864","summary":"Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks","details":"Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user authentication without a database backend is followed by additional user identity checks. This vulnerability is fixed in 6.0.5 and 5.8.7.","aliases":["GHSA-6m86-m342-g48m"],"modified":"2026-07-08T08:13:06.408682118Z","published":"2026-04-08T19:58:08.565Z","database_specific":{"cwe_ids":["CWE-125"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/39xxx/CVE-2026-39864.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/39xxx/CVE-2026-39864.json"},{"type":"ADVISORY","url":"https://github.com/kamailio/kamailio/security/advisories/GHSA-6m86-m342-g48m"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39864"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kamailio/kamailio","events":[{"introduced":"0"},{"fixed":"28bd46f1f22ffacf859504768e7284591ccba126"},{"introduced":"94a546d5e68a484daf64373c047ff5f3c8a927b7"},{"fixed":"900efef637444918d29554160d799404d5420a89"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:kamailio:kamailio:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"5.8.7"},{"introduced":"6.0.0"},{"fixed":"6.0.5"}]}}],"versions":["6.0.4","6.0.3","6.0.2","5.8.6","6.0.1","6.0.0","5.8.5","5.8.4","5.8.3","5.8.2","5.8.1","5.8.0","sr_3.1_freeze","3.0_pre1","sr_before_modules_merge","before_dest_info_changes_2","before_tm_timers","new_timers","before_new_timers","tmp_pcl_tag_17368Js8","after_0_9_4_pkg_merge","last_merge_to_janakj","rel_0_9_0_root","after_makefile_merges","before_malloc_changes","before_db_api_changes","after_testing_0_8_12_r1_merge","before_testing_0_8_12_r1_merge","after_testing_0_8_12_r0_merge","before_testing_0_8_12_r0_merge","before_tcp_port_aliases","before_socket_info_lists","before_lumps_split","testing_0_8_12_root","v0_8_13dev-t16","v0_8_12dev_t13","v0_8_12dev_t05","v0_8_12dev-t03","v0_8_12_t02_merged_w_v0_8_11pre35","v0_8_11dev34","rel_0_8_11_root","v0_8_11pre29-prerelease-cd","v0_8_11pre29-prerelease","v0_8_11pre29","pre22","bflmpsvz","before_kill_repl_add_rm","v0_8_11_pre9","mem-fixes","v0_8_11pre8","old_mod_iface","after_xl","before_replication_patch","before_xl","pre6-tcp4","pre6-tcp5-tm","tcp2","wo_sp","post-zt","pre-zt","ser_0_8_10","ser_0_8_10_pre5","ser_0_8_10_pre4","ser_0_8_10_pre2","ser_0_8_10_pre3","myself_port_lo","new_hash","ser_0_8_9-release","ser_0_8_9","ser_0_8_8-final-cd-release","v0_8_8","fixstats","pre_fixstats","gpled","pregpl","listen_ifs","before_str2ip_changes","budvar","bigbang","pre-bigbang","srv","ipv6","ipv4_working","ser_0_8_7-0-unstable","ser_0_8_6-6-beer-release","ser_0_8_6-5-stable","ser_0-8-6-4","bogdan_final_version","ser_0839_errors","ser_0_8_3_2","ser_0_8_3_1","sip_083","ser_082","ser_081-plugins","sip_pre-plugin","ser_0_7","new_cfg_compiles","sr_simpleconfig","v03","v0_2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-39864.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}