Kamailio SIP Server Auth Module Out-of-Bounds Read Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the auth module of Kamailio SIP Server, affecting versions prior to 6.0.5 and 5.8.7. The issue is an out-of-bounds read that allows remote attackers to crash the Kamailio process. It is triggered by a specially crafted SIP packet sent after a successful user authentication that is performed without a database backend and is combined with additional user identity checks.

Impact

Exploitation of this vulnerability causes a process crash, leading to a denial-of-service condition on the affected system.

Remediation

Users are advised to update Kamailio to version 6.0.5 or 5.8.7. The latest two stable branches are supported, while older versions may receive occasional patches.
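Because the fix lands on two stable branches, a plain numeric comparison against 6.0.5 would wrongly flag 5.8.7 as vulnerable. The following branch-aware check is an added example written for this page, not code from the Kamailio project; it assumes the version string comes from the output of `kamailio -v` and that an `x.y.z` version appears somewhere in that text, and it treats older, unlisted branches as unfixed since the advisory names no patched release for them.

```python
import re

# Fixed releases named in the advisory, keyed by stable branch (major, minor).
# Branches older than 5.8 are deliberately absent: the advisory names no fixed
# release for them, so they are treated as affected below.
FIXED_VERSIONS = {
    (5, 8): (5, 8, 7),
    (6, 0): (6, 0, 5),
}


def parse_version(text):
    """Extract the first x.y.z version from a string.

    The input is assumed to be text such as the output of `kamailio -v`;
    only the presence of an 'N.N.N' token is relied upon.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """Return True if the given (major, minor, patch) tuple predates the fix
    on its own branch, per the advisory's 'prior to 6.0.5 and 5.8.7'."""
    major, minor, _patch = version
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is not None:
        # Same branch as a named fix: compare within that branch only.
        return version < fixed
    if (major, minor) > max(FIXED_VERSIONS):
        # A branch newer than any named fix is not "prior to" either fixed
        # release, so it is not affected according to the advisory wording.
        return False
    # Older branch with no named fix: the advisory says such versions only
    # receive occasional patches, so assume affected.
    return True


def assess(version_text):
    """Parse a version string and report whether it needs the update."""
    version = parse_version(version_text)
    return {
        "version": ".".join(str(n) for n in version),
        "affected": is_affected(version),
    }


if __name__ == "__main__":
    # Constructed sample strings, not captured from a real host.
    for sample in ("version: kamailio 5.8.6 (x86_64/linux)",
                   "version: kamailio 6.0.5 (x86_64/linux)"):
        print(assess(sample))
```

Run it against the string printed by `kamailio -v` on each host; a result with `"affected": True` means the host needs the 5.8.7 or 6.0.5 update.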

Added: Apr 8, 2026, 10:37 PM
Updated: Apr 8, 2026, 10:37 PM

Vulnerability Rating

Custom Algorithm

spread:         5.2
impact:         2.5
exploitability: 6.4
remediation:    7.7
relevance:      5.5
threat:         0.0
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.