FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Buffer overflow in libalias RTSP handler

Affected packages
15.1 <= FreeBSD-kernel < 15.1_1
15.0 <= FreeBSD-kernel < 15.0_11
14.4 <= FreeBSD-kernel < 14.4_7
14.3 <= FreeBSD-kernel < 14.3_16

Details

VuXML ID f5dd96dd-74e1-11f1-958d-bc241121aa0a
Discovery 2026-06-30
Entry 2026-07-01

Problem Description:

The RTSP handler in libalias rewrote outgoing packets into a fixed-length stack buffer without checking whether the rewritten data fit in the buffer, or whether the result fit back in the original packet.

Impact:

A host sending crafted RTSP traffic from inside a NAT gateway using libalias can overflow a stack buffer, potentially achieving remote code execution in the kernel (when using ipfw(4) NAT) or in the natd(8) process (which generally runs as the root user).
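
The two missing checks named in the Problem Description, shown in an added example that is not the libalias source: a payload rewrite that builds its result in a fixed-length stack buffer and refuses to proceed unless the result fits both that buffer and the original packet. The "client_port=" field, the buffer sizes, the function names and the sample payload are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCRATCH_LEN 64      /* assumed scratch size, chosen for this demo */
char pkt_buf[256];          /* constructed stand-in for a packet payload */

/* Replace the digits after "client_port=" with `port`; `len` bytes of pkt are
 * used, `cap` are available. Returns the new length, or -1 (pkt untouched). */
int rewrite_port(char *pkt, size_t len, size_t cap, unsigned port)
{
    static const char key[] = "client_port=";
    const size_t klen = sizeof(key) - 1;
    char scratch[SCRATCH_LEN], digits[16];
    size_t i, start, end, tail, newlen;
    int n;

    for (i = 0; i + klen <= len; i++)
        if (memcmp(pkt + i, key, klen) == 0)
            break;
    if (len > cap || i + klen > len)
        return -1;                      /* bad lengths, or key not present */
    start = i + klen;
    for (end = start; end < len && pkt[end] >= '0' && pkt[end] <= '9'; end++)
        ;
    tail = len - end;                   /* bytes that follow the old port */
    n = snprintf(digits, sizeof(digits), "%u", port);
    newlen = start + (size_t)n + tail;
    if (newlen > sizeof(scratch))       /* check 1: fits the stack buffer */
        return -1;
    if (newlen > cap)                   /* check 2: fits back in the packet */
        return -1;
    memcpy(scratch, pkt, start);
    memcpy(scratch + start, digits, (size_t)n);
    memcpy(scratch + start + (size_t)n, pkt + end, tail);
    memcpy(pkt, scratch, newlen);
    return (int)newlen;
}

/* Demo driver: load constructed text into pkt_buf, rewrite it in place. */
int try_rewrite(const char *text, size_t cap, unsigned port)
{
    snprintf(pkt_buf, sizeof(pkt_buf), "%s", text);     /* truncating copy */
    return rewrite_port(pkt_buf, strlen(pkt_buf), cap, port);
}

int main(void)
{
    printf("%d\n", try_rewrite("Transport: RTP/AVP;client_port=9", 40, 50000));
    return 0;
}
```

Both lengths are computed before any byte is copied, so a rejected rewrite leaves the payload exactly as it arrived.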

References

CVE Name CVE-2026-49420
FreeBSD Advisory SA-26:41.libalias