|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-14767
|Public exploit||Not available|
|Vulnerable software versions||
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to insufficient input validation in the "build_res_buf_from_sip_req" core function. A remote unauthenticated attacker can supply a specially crafted SIP message with a double "To" header and an empty "To" tag, trigger segmentation fault and cause the service to crash.
Successful exploitation of this vulnerability may also result in remote code execution.Remediation
The vulnerability has been addressed in the versions 5.0.7, 5.1.4.External links