17 matches found
EUVD-2013-2175
Malware in sbrugna...
EUVD-2013-2176
Malware in sbrugna...
EUVD-2013-2174
Malware in sbrugna...
SUSE CVE-2013-2222
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or...
SUSE CVE-2013-2223
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function...
CVE-2013-2223
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function...
CVE-2013-2222
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or...
Stack overflow
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or...
Heap overflow
Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet...
CVE-2013-2221
Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet...
UBUNTU-CVE-2013-2223
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function...
CVE-2013-2222
GNU ZRTPCPP (libzrtpcpp) contains multiple stack-based buffer overflows in the ZRTP implementation. Before version 3.2.0, a crafted ZRTP Hello packet can trigger overflows in the following internal routines: ZRtp::findBestSASType, ZRtp::findBestAuthLen, ZRtp::findBestCipher, ZRtp::findBestHash, an...
CVE-2013-2223
CVE-2013-2223 affects GNU ZRTPCPP (libzrtpcpp) prior to 3.2.0. A crafted remote packet can trigger an out-of-bounds read via the getEpHash function in a truncated Ping, potentially leaking uninitialized heap memory or causing a denial of service. The vulnerability is triggered by processing network...
CVE-2013-2222
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or...
CVE-2013-2223
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function...
CVE-2013-2221
CVE-2013-2221 affects GNU ZRTPCPP: heap-based overflow in ZRtp::storeMsgTemp prior to 3.2.0 can cause remote DoS and may enable code execution via a large packet. Public docs confirm affected component (GNU ZRTPCPP) and the vulnerable version boundary (before 3.2.0). Remediation is version upgrade: o...
Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps
A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann. The vulnerabilities in the GNU ZRTPCPP library already have been...