PT-2013-1256 · Unknown · Libzrtpcpp

Mark Dowd · Published 2013-09-24 · Updated 2018-01-09 · CVE-2013-2221

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libzrtpcpp versions prior to 3.2.0
libzrtpcpp versions prior to 2.3.4

Description

The issue concerns multiple vulnerabilities in the libzrtpcpp package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the ZRtp::storeMsgTemp function allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.

Recommendations

For versions prior to 2.3.4, update to version 2.3.4 or later. For versions prior to 3.2.0, update to version 3.2.0 or later. As a temporary workaround, consider restricting access to the ZRtp::storeMsgTemp function until a patch is available.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-09738
CVE-2013-2221

Affected Products

Libzrtpcpp