> On 1 Nov 2025, at 04:00, Solar Designer <[email protected]> wrote: > > CVEs against dnsmasq (CVE-2025-12198, CVE-2025-12199, CVE-2025-12200) > and Kamailio (CVE-2025-12204, CVE-2025-12205, CVE-2025-12206, and > CVE-2025-12207) mentioned in this thread are not yet disputed and have > no comments of this sort in their descriptions.
As part of the Kamailio project I can say that we did just become aware of these CVEs in your email. They do not make sense. Trying to get to the report, the config files used to provoke the issue can’t be downloaded. If you have access to edit the config files, there are much more simple ways to cause damage than to provoke a problem in the config file parser. We will have an internal discussion but that will likely lead to the project disputing these CVEs. Best regards, /Olle
