QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2223

Published: Oct 4, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2013:1600

vendor-advisory

x_refsource_SUSE

https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637

x_refsource_CONFIRM

http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2013:1599

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.