OSV-2026-302

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/coturn/OSV-2026-302.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-302
Published
2026-02-25T00:07:20.338981Z
Modified
2026-02-25T00:07:20.339278Z
Summary
Use-of-uninitialized-value in BIO_new_file
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486713209

Crash type: Use-of-uninitialized-value
Crash state:
BIO_new_file
libcrypto.so.3
CONF_modules_load_file_ex
References

Affected packages

OSS-Fuzz / coturn

Package

Name
coturn
Purl
pkg:generic/coturn

Affected ranges

Type
GIT
Repo
https://github.com/coturn/coturn
Events
Introduced
4c674289a8a288dd310e87490334684b05d61381
Fixed
42826e86dc9c1805960589109cf84c93135f7cb1

Affected versions

4.*
4.9.0
docker/4.*
docker/4.9.0-r0

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

fixed_range 
"3294c714aa184cc5510c035e7ed679dede653e90:42826e86dc9c1805960589109cf84c93135f7cb1"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/coturn/OSV-2026-302.yaml"
introduced_range 
"6c38ccb08d812e60e109d2c7d0e272445c63b83b:e5ed78583d703ad1e45d03e0e14434e511292ad7"