CVE-2016-2385

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-2385
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2385.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2385
Downstream
Published
2016-04-11T15:59:05Z
Modified
2025-10-15T08:04:54.441912Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Heap-based buffer overflow in the encodemsg function in encodemsg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

References

Affected packages

Git / github.com/kamailio/kamailio

Affected ranges

Type
GIT
Repo
https://github.com/kamailio/kamailio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f50c9c853e7809810099c970780c30b0765b0643

Affected versions

3.*

3.0_pre1

Other

after_0_9_4_pkg_merge
after_makefile_merges
after_testing_0_8_12_r0_merge
after_testing_0_8_12_r1_merge
after_xl
before_db_api_changes
before_dest_info_changes_2
before_kill_repl_add_rm
before_lumps_split
before_malloc_changes
before_new_timers
before_pa
before_replication_patch
before_socket_info_lists
before_str2ip_changes
before_tcp_port_aliases
before_testing_0_8_12_r0_merge
before_testing_0_8_12_r1_merge
before_tm_timers
before_xl
bflmpsvz
bigbang
bogdan_final_version
budvar
fixstats
gpled
ipv4_working
ipv6
last_merge_to_janakj
listen_ifs
mem-fixes
myself_port_lo
new_cfg_compiles
new_hash
new_timers
old_mod_iface
orig
ported_ser_cvs_modules
post-zt
pre-bigbang
pre-zt
pre22
pre6-tcp4
pre6-tcp5-tm
pre_fixstats
pregpl
pure_ser_cvs_modules
rel_0_8_11_root
rel_0_9_0_root
ser_0-8-6-4
ser_081-plugins
ser_082
ser_0839_errors
ser_0_7
ser_0_8_10
ser_0_8_10_pre2
ser_0_8_10_pre3
ser_0_8_10_pre4
ser_0_8_10_pre5
ser_0_8_3_1
ser_0_8_3_2
ser_0_8_6-5-stable
ser_0_8_6-6-beer-release
ser_0_8_7-0-unstable
ser_0_8_8-final-cd-release
ser_0_8_9
ser_0_8_9-release
sip_083
sip_pre-plugin
sr_before_modules_merge
sr_simpleconfig
srv
tcp2
testing_0_8_12_root
tmp_pcl_tag_17368Js8
v03
v0_2
v0_8_11_pre9
v0_8_11dev34
v0_8_11pre29
v0_8_11pre29-prerelease
v0_8_11pre29-prerelease-cd
v0_8_11pre8
v0_8_12_t02_merged_w_v0_8_11pre35
v0_8_12dev-t03
v0_8_12dev_t05
v0_8_12dev_t13
v0_8_13dev-t16
v0_8_8
voicemail_0_1_0
wo_sp

sr_3.*

sr_3.1_freeze

Database specific

vanir_signatures

[
    {
        "id": "CVE-2016-2385-5ebe3977",
        "deprecated": false,
        "source": "https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643",
        "signature_type": "Function",
        "target": {
            "function": "encode_msg",
            "file": "modules/seas/encode_msg.c"
        },
        "digest": {
            "function_hash": "91223690401395193117105268344153768528",
            "length": 3699.0
        },
        "signature_version": "v1"
    },
    {
        "id": "CVE-2016-2385-fb9761ed",
        "deprecated": false,
        "source": "https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643",
        "signature_type": "Line",
        "target": {
            "file": "modules/seas/encode_msg.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "221125951136127670003058648238912580109",
                "185724564334586000378420562852713908961",
                "162921764091139509490171745442129982752",
                "13221970240674696037362829513348688430",
                "80466780312632555410180150471875982336",
                "124248757180292392880837749569296223629",
                "156343932907448452507792033016352619609"
            ]
        },
        "signature_version": "v1"
    }
]