Revision:  437266
Date:      2017-03-30
Time:      01:58:06Z
Committer: junovitch

These are the vulnerabilities relating to the commit you have selected:

VuXML ID:    04320e7d-ea66-11e2-a96e-60a44c524f57
Description: libzrtpcpp -- multiple security vulnerabilities

Mark Dowd reports:

Vulnerability 1. Remote Heap Overflow: If an attacker sends a packet larger than 1024 bytes that gets stored temporarily (which occurs many times - such as when sending a ZRTP Hello packet), a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host.

Vulnerability 2. Multiple Stack Overflows: ZRTPCPP contains multiple stack overflows that arise when preparing a response to a client's ZRTP Hello packet.

Vulnerability 3. Information Leaking / Out of Bounds Reads: The ZRTPCPP library performs very little validation regarding the expected size of a packet versus the actual amount of data received. This can lead to both information leaking and out of bounds data reads (usually resulting in a crash). Information leaking can be performed for example by sending a malformed ZRTP Ping packet.

Discovery: 2013-06-27
Entry:     2013-07-11
Affected:  lt 2.3.4