MNBSD-2026-62: Buffer overflow in the libalias RTSP handler (CVE-2026-49420)

Severity: Unknown

Affected Package: libalias

Summary: Buffer overflow in the libalias RTSP handler (CVE-2026-49420)

Description

The RTSP handler in libalias (alias_smedia) rewrote outgoing NAT packets into a fixed-length 2048-byte stack buffer without checking whether the rewritten data fit in the buffer or back in the original packet.

1. Stack buffer overflow in alias_rtsp_out() (CWE-121/CWE-787, CVE-2026-49420) - crafted RTSP traffic (source or destination port 554 or 7070) undergoing outbound NAT translation could overflow the stack buffer.

A host sending crafted RTSP traffic from inside a NAT gateway using libalias could achieve remote code execution in the kernel (ipfw(4) NAT via alias_smedia.ko) or in the natd(8) process, which typically runs as root (via libalias_smedia.so).
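The two bounds checks the description says were missing, shown as an added example that is neither libalias code nor the committed fix. The helper rewrite_token(), the demo() wrapper, the cap parameter and the sample Transport line are assumptions constructed for illustration; only the 2048-byte scratch size comes from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define SCRATCH_LEN 2048	/* fixed scratch size named in the advisory */

/*
 * Hypothetical helper, not libalias code: replace the first occurrence of
 * `old` in payload[0..len) with `repl`, staging the result in a fixed stack
 * buffer. `cap` is the room the packet buffer has for the payload.
 * Returns the new payload length, or -1 when the rewrite must be refused.
 */
static long
rewrite_token(char *payload, size_t len, size_t cap,
    const char *old, const char *repl)
{
	char scratch[SCRATCH_LEN];
	size_t olen = strlen(old), rlen = strlen(repl), i, out;

	if (olen == 0 || len > cap)
		return (-1);
	/* Bounded search: packet data is not NUL-terminated. */
	for (i = 0; i + olen <= len; i++)
		if (memcmp(payload + i, old, olen) == 0)
			break;
	if (i + olen > len)
		return ((long)len);	/* token absent, nothing to rewrite */
	out = len - olen + rlen;	/* len >= olen here, so no underflow */
	/* Both limits: the stack scratch buffer and the room in the packet. */
	if (out > sizeof(scratch) || out > cap)
		return (-1);
	memcpy(scratch, payload, i);
	memcpy(scratch + i, repl, rlen);
	memcpy(scratch + i + rlen, payload + i + olen, len - i - olen);
	memcpy(payload, scratch, out);
	return ((long)out);
}

/* Constructed 37-byte sample payload plus `pad` filler bytes (pad <= 4000). */
static long demo(size_t pad, size_t cap, const char *newport)
{
	char pkt[4096] = "Transport: RTP/AVP;client_port=5000\r\n";
	size_t len = strlen(pkt);
	memset(pkt + len, 'A', pad);
	return (rewrite_token(pkt, len + pad, cap, "5000", newport));
}

int main(void)
{
	printf("%ld %ld\n", demo(0, 64, "61000"), demo(0, 37, "61000"));
}
```

A rewrite that grows the payload is refused when the result would exceed either limit, so the caller can leave the packet untranslated or drop it instead of writing past the buffer.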

Affected Versions

libalias

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-49420

Published: July 01, 2026
Last Modified: July 01, 2026