Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD04320E7D-EA66-11E2-A96E-60A44C524F57
HistoryJun 27, 2013 - 12:00 a.m.

libzrtpcpp -- multiple security vulnerabilities

2013-06-2700:00:00
vuxml.freebsd.org
11

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.121

Percentile

95.4%

JSON

Mark Dowd reports:

Vulnerability 1. Remote Heap Overflow: If an attacker sends a
packet larger than 1024 bytes that gets stored temporarily (which
occurs many times - such as when sending a ZRTP Hello packet), a
heap overflow will occur, leading to potential arbitrary code
execution on the vulnerable host.
Vulnerability 2. Multiple Stack Overflows: ZRTPCPP contains
multiple stack overflows that arise when preparing a response
to a client’s ZRTP Hello packet.
Vulnerability 3. Information Leaking / Out of Bounds Reads:
The ZRTPCPP library performs very little validation regarding the
expected size of a packet versus the actual amount of data
received. This can lead to both information leaking and out
of bounds data reads (usually resulting in a crash).
Information leaking can be performed for example by sending
a malformed ZRTP Ping packet.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlibzrtpcpp< 2.3.4UNKNOWN

Related

nessus 6
openvas 15
fedora 7
gentoo 1
ubuntucve 3
prion 3
cvelist 3
nvd 3
cve 3
nessus
nessus
Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)
2013-07-24 00:00:00
openSUSE Security Update : libzrtpcpp (openSUSE-SU-2013:1599-1)
2014-06-13 00:00:00
Fedora 19 : libzrtpcpp-2.3.4-1.fc19 (2013-12479)
2013-07-16 00:00:00
openvas
openvas
Fedora Update for twinkle FEDORA-2013-13018
2013-08-01 00:00:00
Fedora Update for libzrtpcpp FEDORA-2013-13018
2013-08-01 00:00:00
Fedora Update for ortp FEDORA-2013-13018
2013-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: ortp-0.20.0-5.fc18
2013-07-24 03:37:59
[SECURITY] Fedora 17 Update: libzrtpcpp-2.3.4-1.fc17
2013-07-24 03:41:48
[SECURITY] Fedora 17 Update: ortp-0.20.0-5.fc17
2013-07-24 03:41:48
gentoo
gentoo
GNU ZRTP: Multiple vulnerabilities
2013-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2013-2223
2013-10-04 00:00:00
CVE-2013-2221
2013-10-04 00:00:00
CVE-2013-2222
2013-10-04 00:00:00
prion
prion
Out-of-bounds
2013-10-04 17:55:00
Heap overflow
2013-10-04 17:55:00
Stack overflow
2013-10-04 17:55:00
cvelist
cvelist
CVE-2013-2222
2013-10-04 17:00:00
CVE-2013-2223
2013-10-04 17:00:00
CVE-2013-2221
2013-10-04 17:00:00
nvd
nvd
CVE-2013-2223
2013-10-04 17:55:09
CVE-2013-2221
2013-10-04 17:55:09
CVE-2013-2222
2013-10-04 17:55:09
cve
cve
CVE-2013-2223
2013-10-04 17:55:09
CVE-2013-2221
2013-10-04 17:55:09
CVE-2013-2222
2013-10-04 17:55:09

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.121

Percentile

95.4%

JSON
Related for 04320E7D-EA66-11E2-A96E-60A44C524F57
nessus6openvas15fedora7gentoo1ubuntucve3prion3cvelist3nvd3cve3