[CVE-2026-30694] DedeCMS Arbitrary Code Execution Vulnerability


Volerion

Read more from Volerion

PJSIP Heap-Based Buffer Overflow Vulnerability in DNS Parser
Volerion Risk Score: 8.4
Why this matters: A heap-based buffer overflow in PJSIP (versions 2.16 and earlier) occurs when the DNS parser mishandles name length fields. Remote attackers sending malicious DNS responses to applications using PJSIP's built-in resolver could trigger memory corruption, potentially leading to arbitrary code execution and full compromise of the affected process.
Recommended actions: Upgrade to PJSIP 2.17,...

libsoup Integer Underflow Vulnerability Leading to Buffer Overread and Denial-of-Service
Volerion Risk Score: 8.1
Why this matters: An integer underflow introduced in libsoup 3.6.1+ allows a buffer overread when zero-length resources are processed. A remote, unauthenticated attacker can trigger this flaw to crash applications that rely on libsoup or potentially access data held in adjacent memory, causing denial-of-service and information exposure.
Recommended actions: Upgrade to the latest...

mkj Dropbear Signature Verification Vulnerability in Curve25519 Component
Volerion Risk Score: 8.6
Why this matters: A signature malleability flaw in Dropbear SSH (versions ≤ 2025.89) lets remote attackers craft alternate Ed25519 signatures that pass verification in the unpackneg function of src/curve25519.c. Successful exploitation breaks signature uniqueness, undermining security controls or audit logs that rely on distinct signatures for integrity.
Recommended actions: Apply the vendor patch...