FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
These are the vulnerabilities relating to the commit you have selected:
04320e7d-ea66-11e2-a96e-60a44c524f57: libzrtpcpp -- multiple security vulnerabilities
Mark Dowd reports:
Vulnerability 1. Remote Heap Overflow: If an attacker sends a
packet larger than 1024 bytes that gets stored temporarily (which
occurs many times - such as when sending a ZRTP Hello packet), a
heap overflow will occur, leading to potential arbitrary code
execution on the vulnerable host.

Vulnerability 2. Multiple Stack Overflows: ZRTPCPP contains
multiple stack overflows that arise when preparing a response
to a client's ZRTP Hello packet.

Vulnerability 3. Information Leaking / Out of Bounds Reads:
The ZRTPCPP library performs very little validation regarding the
expected size of a packet versus the actual amount of data
received. This can lead to both information leaking and out
of bounds data reads (usually resulting in a crash).
Information leaking can be performed for example by sending
a malformed ZRTP Ping packet.