CVE-2025-12204
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Kamailio 5.5. Affected is the function rve_destroy in the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to a heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The attack requires manipulating configuration files, which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-10-27
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2025-10-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
One associated CPE:
Vendor: kamailio
Product: kamailio
Version / Range: 5.5.0
CWE ID Name and Description
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 Heap-based Buffer Overflow: A heap overflow condition is a buffer overflow where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write: The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-12204 is a heap-buffer-overflow vulnerability in the Kamailio SIP server, version 5.5. It is reported in rve_destroy() in src/core/rvalue.c, the routine that tears down the rvalue expression trees built while the configuration file is parsed (for example, the expressions passed as module function parameters). If an expression tree reaches rve_destroy() in an inconsistent state, such as a truncated allocation or a stale child pointer, the cleanup walks past the end of a heap allocation. The public report describes the bad access as an out-of-bounds read, while the assigned CWEs (CWE-122, CWE-787) classify the issue as a heap overflow write; in either case the observable effect is that Kamailio crashes during configuration parsing or initialization. [1]


How can this vulnerability impact me? :

The direct impact is denial of service: Kamailio crashes while parsing the crafted configuration at startup, so the service never comes up. [1] The report also raises memory corruption and, by extension, code execution, but that reading has to be weighed against the precondition. The trigger is a configuration file, so the attacker must already be able to write kamailio.cfg on the host, and a Kamailio configuration already decides which modules the daemon loads and what routing script it executes. Whoever holds that access gains little from the overflow that they did not have already. Treat the realistic impact as a local crash of the server process, and keep in mind the advisory's own caveat that the existence of the vulnerability is in doubt.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Because the trigger is a configuration file, detection means testing candidate configurations before they reach a production host rather than watching network traffic. Build Kamailio 5.5 from source with AddressSanitizer (ASan) enabled, run the instrumented binary in its configuration-check mode against the suspect file (the public report used a modified kamailio-basic.cfg), and inspect the output for an ASan heap-buffer-overflow report whose stack trace contains rve_destroy(). In production, where ASan is not practical, watch the system and Kamailio logs for crashes or abort signals that occur during configuration parsing or initialization, especially immediately after a configuration change. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation is about who can write the configuration, since that is the only trigger. Keep kamailio.cfg and every file it includes owned by root and writable only by root, restrict the set of administrators who may change them, and treat a configuration change as a privileged operation that is logged or alerted on. Validate each new configuration in Kamailio's check mode on a staging host before deployment, ideally with an AddressSanitizer-instrumented build, and never load an untrusted or malformed file. Run the daemon as an unprivileged user in a restricted environment so that a crash or memory corruption stays contained. Watch for a vendor fix; the vendor had not responded at the time of disclosure. [1]
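The script below is an added example, not code from BaseFortify, VulDB or the Kamailio project. It strings together the steps the detection answer lists and the pre-deployment validation the mitigation answer recommends: build Kamailio with AddressSanitizer, parse a candidate configuration in check mode, and flag an ASan report that lands in rve_destroy. The build variables CC_EXTRA_OPTS and LD_EXTRA_OPTS, the binary location src/kamailio, the command-line options -c, -E and -f, and the sample ASan report are assumptions or constructed data and are not taken from the advisory.

```shell
#!/bin/sh
# Added example (not from BaseFortify, VulDB or the Kamailio project):
# ASan-assisted detection of a config-triggered crash in rve_destroy.
# Assumptions, not confirmed by the advisory: the source tree's Makefile honours
# CC_EXTRA_OPTS / LD_EXTRA_OPTS, the build leaves the binary at src/kamailio,
# and the binary supports -c (check config and exit), -E (log to stderr) and
# -f (config path).

# Build an ASan-instrumented kamailio binary from a source checkout.
build_asan() {
    src_dir="$1"
    ( cd "$src_dir" || exit 1
      make cfg CC_EXTRA_OPTS="-fsanitize=address -fno-omit-frame-pointer -g -O1" \
               LD_EXTRA_OPTS="-fsanitize=address" \
      && make all )
}

# Parse a configuration without serving SIP; capture stdout/stderr into $3.
# A non-zero exit is expected for a bad config, so do not abort here.
check_cfg() {
    bin="$1"; cfg="$2"; out="$3"
    ASAN_OPTIONS="detect_leaks=0:abort_on_error=0" \
        "$bin" -c -E -f "$cfg" >"$out" 2>&1 || true
}

# Succeed only if the captured output holds an ASan heap-buffer-overflow
# report whose stack mentions rve_destroy, the function named in the CVE.
asan_hit() {
    grep -q 'ERROR: AddressSanitizer: heap-buffer-overflow' "$1" \
        && grep -q ' in rve_destroy ' "$1"
}

# Constructed sample of what such a report looks like, so the matcher can be
# exercised without a build; addresses are placeholders, not real values.
write_sample_report() {
    cat >"$1" <<'EOF'
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x0 at pc 0x0 bp 0x0 sp 0x0
READ of size 8 at 0x0 thread T0
    #0 0x0 in rve_destroy src/core/rvalue.c
    #1 0x0 in main src/main.c
EOF
}

# Stand-alone use on a staging host:
#   KAMAILIO_SRC=/path/to/kamailio-5.5 CFG=/path/to/candidate.cfg sh detect.sh
if [ -n "${KAMAILIO_SRC:-}" ] && [ -n "${CFG:-}" ]; then
    build_asan "$KAMAILIO_SRC"
    log=$(mktemp)
    check_cfg "$KAMAILIO_SRC/src/kamailio" "$CFG" "$log"
    if asan_hit "$log"; then
        echo "ASan heap-buffer-overflow in rve_destroy while parsing $CFG; see $log"
        exit 2
    fi
    echo "no ASan report while parsing $CFG"
    rm -f "$log"
fi
```

Run this on a staging host, never against the production daemon: check mode still loads modules and evaluates the configuration, and an instrumented build is several times slower. The exit status 2 makes the script usable as a gate in a deployment pipeline, and the sample report exists only so the matcher can be checked without building Kamailio.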

