The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party.
b4d958ee6e32f6f622c4ae3b0cd99a1c00dcde4578e8d8eca299633634cfec4c