[CVE-2025-67727] Parse Server Elevated Permissions Vulnerability in GitHub Actions Workflow


Volerion

Be the first to know! We monitor new CVEs and determine, based on our next-gen algorithms and models, when a CVE is a high risk.

Read more from Volerion

PJSIP Heap-Based Buffer Overflow Vulnerability in DNS Parser
Volerion Risk Score: 8.4

Why this matters
A heap-based buffer overflow in PJSIP (versions 2.16 and earlier) occurs when the DNS parser mishandles name length fields. Remote attackers sending malicious DNS responses to applications using PJSIP's built-in resolver could trigger memory corruption, potentially leading to arbitrary code execution and full compromise of the affected process.

Recommended actions
Upgrade to PJSIP 2.17,...

DedeCMS Arbitrary Code Execution Vulnerability
Volerion Risk Score: 7.8

Why this matters
An input validation flaw in the array_filter component of DedeCMS (versions through 5.7.118) allows unauthenticated remote attackers to execute arbitrary code on the server. Successful exploitation grants full control of the underlying system, posing a severe threat to data integrity and service availability.

Recommended actions
Volerion has not observed any remediation so far.

Affected products &...

libsoup Integer Underflow Vulnerability Leading to Buffer Overread and Denial-of-Service
Volerion Risk Score: 8.1

Why this matters
An integer underflow introduced in libsoup 3.6.1+ allows a buffer overread when zero-length resources are processed. A remote, unauthenticated attacker can trigger this flaw to crash applications that rely on libsoup or potentially access data held in adjacent memory, causing denial-of-service and information exposure.

Recommended actions
Upgrade to the latest...