Linked from that CVE to https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html it's marked as fixed in 5.4.0. The change log from 5.3.6 also looks like it contains the fixes
https://www.kamailio.org/pub/kamailio/5.3.6/ChangeLog: commit 340deabc375272dc3f0a921786890dab8ee778b3 Author: Daniel-Constantin Mierla mico...@gmail.com<mailto:mico...@gmail.com> Date: Thu Jul 16 09:16:40 2020 +0200 core: strutils - trim trailing spaces when comparing hdr names (cherry picked from commit 6d76b79b81bf448fa1f34753c1d000dc6c1870e0) (cherry picked from commit d0f7c7056b32351cac0b20ce24b074d9be8459a2) commit 434dfd38aad2a0e9115ceba55d871fba5d6628f2 Author: Daniel-Constantin Mierla mico...@gmail.com<mailto:mico...@gmail.com> Date: Thu Jul 16 09:09:48 2020 +0200 core: parser - trim trailing whitespaces in header name (cherry picked from commit 7135feee9cdc93efa8c0c3e4abf24a9335ce42de) (cherry picked from commit 63e227383d9c5112f287299981d217f1558a15a8) Ben Kaufman From: sr-users <sr-users-boun...@lists.kamailio.org> On Behalf Of David Villasmil Sent: Wednesday, December 1, 2021 4:13 PM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> Subject: [SR-Users] NIST advisory Anyone knows about this? https://nvd.nist.gov/vuln/detail/CVE-2020-28361<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-28361&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cccc3318743bb4619c39a08d9b517e58e%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637739936520277346%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=OAJHZroyA%2F%2FmkVNSOBkWTxoWqq33%2BIcjBJndrXvUFqo%3D&reserved=0> -- Regards, David Villasmil email: david.villasmil.w...@gmail.com<mailto:david.villasmil.w...@gmail.com> phone: +34669448337
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users