CVE Reference: CVE-2013-2223

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-2223

Description:
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA53818
  Secunia Advisory: SA54998

MLIST
  http://seclists.org/oss-sec/2013/q2/638

MISC
  http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html

GENTOO
  http://security.gentoo.org/glsa/glsa-201309-13.xml

CONFIRM


Return to the previous page.