Linked from that CVE to https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html it’s marked as fixed in 5.4.0.  The change log from 5.3.6 also looks like it contains the fixes

 

https://www.kamailio.org/pub/kamailio/5.3.6/ChangeLog:

 

commit 340deabc375272dc3f0a921786890dab8ee778b3
Author: Daniel-Constantin Mierla miconda@gmail.com
Date:   Thu Jul 16 09:16:40 2020 +0200
 
    core: strutils - trim trailing spaces when comparing hdr names
    
    (cherry picked from commit 6d76b79b81bf448fa1f34753c1d000dc6c1870e0)
    (cherry picked from commit d0f7c7056b32351cac0b20ce24b074d9be8459a2)
 
commit 434dfd38aad2a0e9115ceba55d871fba5d6628f2
Author: Daniel-Constantin Mierla miconda@gmail.com
Date:   Thu Jul 16 09:09:48 2020 +0200
 
    core: parser - trim trailing whitespaces in header name
    
    (cherry picked from commit 7135feee9cdc93efa8c0c3e4abf24a9335ce42de)
    (cherry picked from commit 63e227383d9c5112f287299981d217f1558a15a8)

 

 

Ben Kaufman

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of David Villasmil
Sent: Wednesday, December 1, 2021 4:13 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] NIST advisory

 

Anyone knows about this?

 

https://nvd.nist.gov/vuln/detail/CVE-2020-28361

--

Regards,

 

David Villasmil

email: david.villasmil.work@gmail.com

phone: +34669448337