CVE-2026-40613

A flaw was found in coturn, an open-source implementation of TURN and STUN servers. Unsafe pointer casts in the STUN Session Traversal Utilities for NAT and TURN Traversal Using Relays around NAT attribute parsing functions can lead to misaligned memory reads. An unauthenticated remote attacker c...

ROS-20250812-06

Vulnerability of Sofia-SIP user agent library session initiation protocol is related to the the ability to write outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code by sending specially crafted STUN packets The...

USN-6448-1 sofia-sip vulnerability

Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker could use this issue to cause Sofia-SIP to crash, resulting in a denial of service, or possibly execute arbitrary code...

Sofia-SIP 输入验证错误漏洞

Sofia-SIP is an open source SIP user agent library from the individual developers of freeswitch that conforms to the IETF RFC3261 specification. A security vulnerability exists in Sofia-SIP versions prior to 1.13.15, which stems from a lack of attribute length checking when Sofia-SIP processes ST...

DEBIAN-CVE-2022-23547

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability...

PJSIP 缓冲区错误漏洞

PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP suffers from a security vulnerability that stems from the possibility of overwriting buffers when it parses STUN messages...

UBUNTU-CVE-2022-31031

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...

Mozilla: Use-After-Free when trying to connect to a STUN server

The Mozilla Foundation Security Advisory describes this flaw as: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash...

Opera WebRTC Component Information Disclosure Vulnerability

Opera is a Norwegian Web browser developed by Opera Software, which supports multi-window browsing, customizable user interfaces, etc. The WebRTC component is one of the Web real-time communication components. A security vulnerability exists in the WebRTC component in Opera version 51.0.2830.55. ...