usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
CVE-2019-20503 (Candidate) is related to these bugs: