Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wernerd | zrtpcpp | 3.1.0 |
| wernerd | zrtpcpp | 3.2.0 |
| wernerd | zrtpcpp | 2.2.0 |
| wernerd | zrtpcpp | 3.0.0 |
| wernerd | zrtpcpp | 2.1.2 |
| wernerd | zrtpcpp | * |
| wernerd | zrtpcpp | 2.3.0 |
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wernerd | zrtpcpp | 3.1.0 |
| wernerd | zrtpcpp | 3.2.0 |
| wernerd | zrtpcpp | 2.2.0 |
| wernerd | zrtpcpp | 3.0.0 |
| wernerd | zrtpcpp | 2.1.2 |
| wernerd | zrtpcpp | * |
| wernerd | zrtpcpp | 2.3.0 |
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wernerd | zrtpcpp | 3.1.0 |
| wernerd | zrtpcpp | 3.2.0 |
| wernerd | zrtpcpp | 2.2.0 |
| wernerd | zrtpcpp | 3.0.0 |
| wernerd | zrtpcpp | 2.1.2 |
| wernerd | zrtpcpp | * |
| wernerd | zrtpcpp | 2.3.0 |