Vulnerability CVE-2013-2139
Published: 2014-01-16

Description:
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

See advisories in our WLB2 database:
Topic
Author
Date
Low
CISCO Libsrtp srtp_protect/hmac_compute buffer overflow
Groundworks
04.06.2013

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Opensuse -> Opensuse 
Novell -> Opensuse 
Fedoraproject -> Fedora 
Cisco -> Libsrtp 

 References:
http://advisories.mageia.org/MGASA-2014-0465.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
http://lwn.net/Articles/579633/
http://seclists.org/fulldisclosure/2013/Jun/10
http://www.debian.org/security/2014/dsa-2840
http://www.mandriva.com/security/advisories?name=MDVSA-2014:219
https://bugzilla.redhat.com/show_bug.cgi?id=970697
https://github.com/cisco/libsrtp/pull/27
Copyright 2024, cxsecurity.com

 

Back to Top