2 matches found
CVE-2013-2222
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted ZRTP Hello packet to the 1 ZRtp::findBestSASType, 2 ZRtp::findBestAuthLen, 3 ZRtp::findBestCipher, 4 ZRtp::findBestHash, or...
libzrtpcpp -- multiple security vulnerabilities
Mark Dowd reports: Vulnerability 1. Remote Heap Overflow: If an attacker sends a packet larger than 1024 bytes that gets stored temporarily which occurs many times - such as when sending a ZRTP Hello packet, a heap overflow will occur, leading to potential arbitrary code execution on the vulnerab...