CVE-2019-20503 – usrsctp: Out of bounds reads in sctp_load_addresses_from_init()

https://notcve.org/view.php?id=CVE-2019-20503

06 Mar 2020 — usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. usrsctp versiones anteriores al 20-12-2019, presenta lecturas fuera de límites en la función sctp_load_addresses_from_init. The Mozilla Foundation Security Advisory describes this flaw as: The inputs to `sctp_load_addresses_from_init` are verified by `sctp_arethere_unrecognized_parameters`; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html • CWE-125: Out-of-bounds Read •