FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
04320e7d-ea66-11e2-a96e-60a44c524f57	libzrtpcpp -- multiple security vulnerabilities Mark Dowd reports: Vulnerability 1. Remote Heap Overflow: If an attacker sends a packet larger than 1024 bytes that gets stored temporarily (which occurs many times - such as when sending a ZRTP Hello packet), a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host. Vulnerability 2. Multiple Stack Overflows: ZRTPCPP contains multiple stack overflows that arise when preparing a response to a client's ZRTP Hello packet. Vulnerability 3. Information Leaking / Out of Bounds Reads: The ZRTPCPP library performs very little validation regarding the expected size of a packet versus the actual amount of data received. This can lead to both information leaking and out of bounds data reads (usually resulting in a crash). Information leaking can be performed for example by sending a malformed ZRTP Ping packet. Discovery 2013-06-27 Entry 2013-07-11 libzrtpcpp < 2.3.4 CVE-2013-2221 CVE-2013-2222 CVE-2013-2223

VuXML ID

Description

04320e7d-ea66-11e2-a96e-60a44c524f57

libzrtpcpp -- multiple security vulnerabilities

Mark Dowd reports:

Vulnerability 1. Remote Heap Overflow: If an attacker sends a packet larger than 1024 bytes that gets stored temporarily (which occurs many times - such as when sending a ZRTP Hello packet), a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host.

Vulnerability 2. Multiple Stack Overflows: ZRTPCPP contains multiple stack overflows that arise when preparing a response to a client's ZRTP Hello packet.

Vulnerability 3. Information Leaking / Out of Bounds Reads: The ZRTPCPP library performs very little validation regarding the expected size of a packet versus the actual amount of data received. This can lead to both information leaking and out of bounds data reads (usually resulting in a crash). Information leaking can be performed for example by sending a malformed ZRTP Ping packet.

Discovery 2013-06-27
Entry 2013-07-11
libzrtpcpp

< 2.3.4

CVE-2013-2221
CVE-2013-2222
CVE-2013-2223