CVE-2013-2223

Name of the Vulnerable Software and Affected Versions libzrtpcpp versions prior to 3.2.0 GNU ZRTPCPP versions prior to 3.2.0

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, potentially allowing attackers to obtain sensitive information or cause a denial of service. Specifically, a crafted packet can lead to an out-of-bounds read, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.

Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the getEpHash function until a patch is available.