[SR-Users] NIST advisory

Ben Kaufman bkaufman at nexvortex.com
Wed Dec 1 23:45:56 CET 2021


Linked from that CVE to https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html it's marked as fixed in 5.4.0.  The change log from 5.3.6 also looks like it contains the fixes

https://www.kamailio.org/pub/kamailio/5.3.6/ChangeLog:


commit 340deabc375272dc3f0a921786890dab8ee778b3

Author: Daniel-Constantin Mierla miconda at gmail.com<mailto:miconda at gmail.com>

Date:   Thu Jul 16 09:16:40 2020 +0200



    core: strutils - trim trailing spaces when comparing hdr names



    (cherry picked from commit 6d76b79b81bf448fa1f34753c1d000dc6c1870e0)

    (cherry picked from commit d0f7c7056b32351cac0b20ce24b074d9be8459a2)



commit 434dfd38aad2a0e9115ceba55d871fba5d6628f2

Author: Daniel-Constantin Mierla miconda at gmail.com<mailto:miconda at gmail.com>

Date:   Thu Jul 16 09:09:48 2020 +0200



    core: parser - trim trailing whitespaces in header name



    (cherry picked from commit 7135feee9cdc93efa8c0c3e4abf24a9335ce42de)

    (cherry picked from commit 63e227383d9c5112f287299981d217f1558a15a8)


Ben Kaufman

From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of David Villasmil
Sent: Wednesday, December 1, 2021 4:13 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: [SR-Users] NIST advisory

Anyone knows about this?

https://nvd.nist.gov/vuln/detail/CVE-2020-28361<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-28361&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cccc3318743bb4619c39a08d9b517e58e%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637739936520277346%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=OAJHZroyA%2F%2FmkVNSOBkWTxoWqq33%2BIcjBJndrXvUFqo%3D&reserved=0>
--
Regards,

David Villasmil
email: david.villasmil.work at gmail.com<mailto:david.villasmil.work at gmail.com>
phone: +34669448337
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20211201/5497bc7f/attachment.htm>


More information about the sr-users mailing list