CVE Reference: CVE-2013-2222

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-2222

Description:
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA53818
  Secunia Advisory: SA54998

MLIST
  http://seclists.org/oss-sec/2013/q2/638

MISC
  http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html

GENTOO
  http://security.gentoo.org/glsa/glsa-201309-13.xml

CONFIRM


Return to the previous page.