There exists a security vulnerability in the Kamailio SIP server related to To header processing. A specially crafted SIP message with double To header and an empty To tag causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the build_res_buf_from_sip_req core function.
