If the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario.
Impact
It affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine.
Patches
The patch is available as commit 15663e3 in the master branch.
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]
If the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario.
Impact
It affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine.
Patches
The patch is available as commit 15663e3 in the master branch.
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]