PT-2013-1256 · Unknown · Libzrtpcpp

Mark Dowd · Published 2013-09-24 · Updated 2018-01-09 · CVE-2013-2221

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

libzrtpcpp versions prior to 3.2.0
libzrtpcpp versions prior to 2.3.4

Description

The issue concerns multiple vulnerabilities in the libzrtpcpp package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the ZRtp::storeMsgTemp function allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.

Recommendations

For versions prior to 2.3.4, update to version 2.3.4 or later. For versions prior to 3.2.0, update to version 3.2.0 or later. As a temporary workaround, consider restricting access to the ZRtp::storeMsgTemp function until a patch is available.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

BDU:2015-09738
CVE-2013-2221

Affected products

Libzrtpcpp