3 matches found
CVE-2026-43994
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...
PT-2026-50787
Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.10.0 Description A stack buffer overflow exists in the decode oauth token gcm function. A nonce len field, read from an attacker-supplied OAuth access token, is passed to memcpy as the copy length into a 256-byte sta...
Deserialization of Untrusted Data
Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the decodeTokenAttributes helper. An attacker can achieve remote code execution by supplying a malicious serialized token attribute...