Debian Security Advisory
DLA-3438-1 kamailio -- LTS security update
- Date Reported: 30 May 2023
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2020-27507.
- More information:
It was discovered that there was a potential denial-of-service (DoS) attack in the Kamailio SIP telephony server. This was caused by the Kamailio server mishandling INVITE requests with duplicated fields.
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and an overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact.
For Debian 10 Buster, this problem has been fixed in version 5.2.1-1+deb10u1.
We recommend that you upgrade your kamailio packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
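As an added example (not part of the advisory or of Kamailio's code), the following Python check flags INVITE requests with the traits described above: header fields that RFC 3261 permits only once appearing more than once, and an overlength From/To tag. The 128-character threshold and the sample messages are assumptions constructed for illustration; the advisory gives no exact trigger values.

```python
import re

# Header fields RFC 3261 allows only once per message (compact forms included).
SINGLETON = {"from": "From", "f": "From", "to": "To", "t": "To",
             "call-id": "Call-ID", "i": "Call-ID", "cseq": "CSeq",
             "max-forwards": "Max-Forwards", "content-length": "Content-Length",
             "l": "Content-Length"}
MAX_TAG_LEN = 128  # assumed site threshold, not a value from the advisory
TAG_RE = re.compile(r";\s*tag=([^;>\s,]*)", re.IGNORECASE)


def inspect_invite(raw: str) -> list[str]:
    """Return findings for one SIP message; empty list if nothing stands out."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    if not lines[0].upper().startswith("INVITE "):
        return []
    # Unfold continuation lines (leading whitespace) into the previous header.
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif ":" in line:
            headers.append(line)
    counts, findings = {}, []
    for h in headers:
        name, value = h.split(":", 1)
        canon = SINGLETON.get(name.strip().lower())
        if canon is None:
            continue
        counts[canon] = counts.get(canon, 0) + 1
        if canon in ("From", "To"):
            for tag in TAG_RE.findall(value):
                if len(tag) > MAX_TAG_LEN:
                    findings.append(f"{canon} tag length {len(tag)} > {MAX_TAG_LEN}")
    findings += [f"{n} appears {c} times" for n, c in counts.items() if c > 1]
    return findings


# Constructed sample messages (not captured traffic).
NORMAL = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.0.2.10;branch=z9hG4bK776\r\n"
          "From: <sip:alice@example.com>;tag=1928301774\r\n"
          "To: <sip:bob@example.com>\r\n"
          "Call-ID: a84b4c76e66710\r\nCSeq: 1 INVITE\r\n\r\n")
SUSPECT = NORMAL.replace(
    "To:", "From: <sip:alice@example.com>;tag=" + "x" * 200 + "\r\nTo:", 1)
```

A check like this is useful for triaging captured signalling or proxy logs on hosts that have not yet been upgraded; it does not replace installing the fixed package.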