usrsctp before 2019-12-20 has out-of-bounds reads in sctploadaddressesfrominit.
{ "vanir_signatures": [ { "id": "CVE-2019-20503-14ff5ff7", "digest": { "line_hashes": [ "327730508206728550863753806873793731736", "232271758629531299930137668846449714744", "194005753297318196458770335547941487347", "86204924904057636553596664040784693774", "244136754859619190609903659491420283679", "44612721252499536122830739299996825008", "116186934364462999016852279057551526709", "64501329213993218393816168186692126019", "119328532300576277392225218027534876256", "329598022706840916657844249803604086365", "176396067618788986641177387171929621588" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "usrsctplib/netinet/sctp_pcb.c" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467" }, { "id": "CVE-2019-20503-185f67a0", "digest": { "length": 3188.0, "function_hash": "27420102985421191217555899899753575960" }, "signature_version": "v1", "target": { "file": "usrsctplib/netinet/sctp_auth.c", "function": "sctp_auth_get_cookie_params" }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467" }, { "id": "CVE-2019-20503-e574742e", "digest": { "line_hashes": [ "198649497057395982509242331217339772045", "326714267827621994314007627938541425994", "200687103341371863484723060369228893508", "35232636956357906578787539674949587156", "293811026459325849753854165102556642130", "187752912983013076529152616624826225304", "177037905624134339009325707825459025466" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "usrsctplib/netinet/sctp_auth.c" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467" }, { "id": "CVE-2019-20503-e903d135", "digest": { "length": 12999.0, "function_hash": "72565663288024329373879027215936898435" }, "signature_version": "v1", "target": { "file": "usrsctplib/netinet/sctp_pcb.c", "function": "sctp_load_addresses_from_init" }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467" } ] }