Executive Summary

CVE-2026-39864 is a moderate severity vulnerability in the auth module of the Kamailio SIP Server versions prior to 6.0.5 and 5.8.7.

The issue occurs when user authentication is done without a database backend, following RFC2617. After a successful authentication, a specially crafted SIP packet can trigger an out-of-bounds read during additional user identity checks.

This out-of-bounds read causes Kamailio to crash, resulting in a denial of service (DoS). The vulnerability can be exploited remotely over the network, but requires high privileges and has high attack complexity.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability impacts the availability of the Kamailio SIP Server by causing it to crash when exploited.

An attacker who has high privileges can remotely send a specially crafted SIP packet that triggers an out-of-bounds read, leading to a denial of service (DoS) condition.

While confidentiality and integrity are not affected, the server becoming unavailable can disrupt communications and services relying on Kamailio.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves an out-of-bounds read in the auth module of Kamailio SIP Server triggered by specially crafted SIP packets after successful user authentication without a database backend.

Detection can focus on monitoring for unexpected Kamailio process crashes or denial of service symptoms following SIP authentication events.

Since the vulnerability is triggered by crafted SIP packets, network traffic analysis tools can be used to inspect SIP packets for anomalies or malformed authentication sequences.

Specific commands are not provided in the available resources, but general approaches include:

• Checking Kamailio logs for crash reports or errors related to the auth module.
• Using packet capture tools like tcpdump or Wireshark to capture and analyze SIP traffic for unusual authentication packets.
• Monitoring system processes for unexpected Kamailio crashes or restarts.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability causes a denial of service (DoS) by crashing the Kamailio SIP server process, which impacts system availability.

However, the vulnerability does not affect confidentiality or integrity of data, as it involves an out-of-bounds read without data leakage or modification.

Since availability is a key component in compliance with standards like GDPR and HIPAA, this vulnerability could negatively impact compliance by causing service interruptions.

Organizations relying on Kamailio for SIP signaling should address this vulnerability promptly to maintain availability and meet regulatory requirements.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade Kamailio to a fixed version: 6.0.5 or 5.8.7 or later.

If upgrading immediately is not possible, consider restricting access to the Kamailio SIP server to trusted networks or users with elevated privileges, as the attack requires high privileges.

Additionally, monitor Kamailio for crashes and apply any available patches or backports from the git repository if official packages are not yet updated.

Contact the Kamailio security mailing list for further guidance or to report issues.

Useful 0 Not Useful 0