Stack-based buffer overflow in FreeBSD - CVE-2026-49420
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a stack-based buffer overflow in the libalias RTSP handler when processing crafted outbound RTSP traffic during NAT translation. A remote attacker can send crafted RTSP traffic to execute arbitrary code.
The issue can affect kernel context when using ipfw(4) NAT or the natd(8) process, and only occurs for outbound TCP or UDP traffic involving port 554 or 7070.
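To triage exposure, the following added example (not part of the advisory or of FreeBSD) classifies saved `ipfw list` output by whether the ruleset hands TCP/UDP-capable traffic to in-kernel NAT or to a divert socket such as the one natd(8) listens on. The function name and the sample rulesets are constructed for illustration; a `divert` rule only suggests natd(8), so confirm against the process list.

```shell
#!/bin/sh
# classify_ruleset (hypothetical helper): read `ipfw list` text on stdin and
# print which libalias consumer can receive TCP/UDP traffic from the ruleset:
#   kernel | natd | kernel+natd | none
classify_ruleset() {
    awk '
        $1 ~ /^[0-9]+$/ {
            i = 2                        # field after the rule number
            if ($i == "set")  i += 2     # optional "set N"
            if ($i == "prob") i += 2     # optional "prob P"
            action = $i
            if (action != "nat" && action != "divert") next
            j = i + 2                    # skip the nat instance / divert port
            if ($j == "log") { j++; if ($j == "logamount") j += 2 }
            proto = $j
            # The advisory limits the issue to TCP or UDP traffic, so skip
            # rules whose protocol field cannot carry either.
            if (proto !~ /^(ip|ip4|ipv4|all|tcp|udp)$/ && substr(proto, 1, 1) != "{") next
            if (action == "nat") {
                kernel = 1               # in-kernel ipfw(4) NAT
            } else {
                natd = 1                 # divert socket, typically natd(8)
            }
        }
        END {
            if (kernel && natd) print "kernel+natd"
            else if (kernel)    print "kernel"
            else if (natd)      print "natd"
            else                print "none"
        }'
}

# Constructed sample rulesets (not taken from any real host).
SAMPLE_KERNEL='00100 nat 1 ip from any to any via em0
65535 allow ip from any to any'
SAMPLE_NATD='00050 divert 8668 ip4 from any to any via em0
65535 allow ip from any to any'
SAMPLE_BOTH='00050 divert 8668 tcp from any to any via em0
00100 nat 1 log logamount 10 udp from any to any via em1'
SAMPLE_ICMP_ONLY='00100 nat 1 icmp from any to any via em0
65535 deny ip from any to any'

# Demo on constructed input; on a real host use: ipfw list | classify_ruleset
printf '%s\n' "$SAMPLE_KERNEL" | classify_ruleset
```

A result other than `none` means the host is a candidate only if it also forwards outbound TCP or UDP traffic involving port 554 or 7070, as stated above.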