Kamailio Out-of-Bounds Access Vulnerability in Core TCP Data Processing Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Kamailio, an open-source SIP signaling server, prior to versions 6.1.1, 6.0.6, and 5.8.8. The issue arises from an out-of-bounds access in the core of Kamailio, allowing remote attackers to cause a process crash by sending specially crafted data packets over TCP. This vulnerability affects Kamailio instances with TCP or TLS listeners.

Impact

Exploitation of this vulnerability leads to a process crash, causing a denial-of-service condition on the affected Kamailio instance.

Remediation

Users are advised to update to Kamailio version 6.1.1, 6.0.6, or 5.8.8, depending on the stable branch they run. Older branches may receive occasional patches, but packages are only built for the last two stable branches, so users of older branches must maintain their installation from the Git repository. Because the vulnerable code path is only reached over TCP, instances that serve SIP exclusively over UDP are not exposed through this issue, while any instance with a TCP or TLS listener is.
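The following triage script is an added example, not code from Kamailio or from this advisory. It combines the two facts the advisory gives a defender: the fixed version per branch, and the requirement for a TCP or TLS listener. It parses a version string of the shape printed by `kamailio -v` (the sample string and the `kamailio.cfg` fragment are constructed for this example), classifies the version against the fixed releases listed above, and scans the configuration for `listen=tcp:` / `listen=tls:` lines, honouring `disable_tcp=yes` (which disables TCP and therefore TLS). Treating a branch newer than 6.1 as containing the fix is an assumption of the example, to be confirmed against the project changelog.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory, keyed by stable branch (major, minor).
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (6, 1): (6, 1, 1),
    (6, 0): (6, 0, 6),
    (5, 8): (5, 8, 8),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")
# listen=tcp:ADDR:PORT or listen=tls:ADDR:PORT; a bare address without a
# protocol prefix is not matched and should be reviewed by hand.
LISTEN_RE = re.compile(r"^\s*listen\s*=\s*(tcp|tls)\s*:\s*(\S+)", re.IGNORECASE)
DISABLE_TCP_RE = re.compile(r"^\s*disable_tcp\s*=\s*yes\b", re.IGNORECASE)


def parse_version(text: str) -> Optional[Version]:
    """Return the first x.y.z number found in text, e.g. from `kamailio -v` output."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version: Version) -> str:
    """Classify a version against the fixed releases of its branch."""
    branch = version[:2]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        if branch < (5, 8):
            # No packaged fix: only git-maintained patches or an upgrade help.
            return "unsupported-branch"
        # Assumption: a branch released after the fix carries it.
        return "newer-branch"
    return "fixed" if version >= fixed else "vulnerable"


def _strip_comments(cfg_text: str) -> List[str]:
    # Drop everything after '#' on each line; good enough for listen= lines.
    return [line.split("#", 1)[0] for line in cfg_text.splitlines()]


def tcp_or_tls_listeners(cfg_text: str) -> List[str]:
    """Return 'proto:addr' strings for TCP/TLS listeners, or [] if TCP is disabled."""
    lines = _strip_comments(cfg_text)
    if any(DISABLE_TCP_RE.match(line) for line in lines):
        return []
    found = []
    for line in lines:
        m = LISTEN_RE.match(line)
        if m:
            found.append(f"{m.group(1).lower()}:{m.group(2)}")
    return found


def triage(version_text: str, cfg_text: str) -> dict:
    """Exposed only if the version is vulnerable AND a TCP/TLS listener is active."""
    version = parse_version(version_text)
    status = assess(version) if version else "unknown-version"
    listeners = tcp_or_tls_listeners(cfg_text)
    return {
        "version": version,
        "status": status,
        "tcp_tls_listeners": listeners,
        "exposed": status == "vulnerable" and bool(listeners),
    }


# Constructed sample input for this example (not real deployment data).
SAMPLE_VERSION_OUTPUT = "version: kamailio 5.8.7 (x86_64/linux)"
SAMPLE_CFG = """\
# constructed kamailio.cfg fragment
listen=udp:10.0.0.1:5060
listen=tcp:10.0.0.1:5060
listen=tls:10.0.0.1:5061
#listen=tcp:10.0.0.1:5080
"""

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION_OUTPUT, SAMPLE_CFG))
```

In practice run it against the real `kamailio -v` output and the live `kamailio.cfg`; an `exposed: True` result means the instance needs the branch's fixed release before anything else, whereas `vulnerable` with no TCP/TLS listeners is a lower-priority upgrade.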

Added: Apr 8, 2026, 10:35 PM
Updated: Apr 8, 2026, 10:35 PM

Vulnerability Rating

Custom Algorithm

spread          5.2
impact          2.5
exploitability  7.6
remediation     7.7
relevance       5.5
threat          0.0
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.