QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2222

Published: Oct 4, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2013:1600

vendor-advisory

x_refsource_SUSE

https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637

x_refsource_CONFIRM

http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2013:1599

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.