Buffer Overflow in Libsrtp Affects Remote Communications by Cisco
CVE-2013-2139

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Fedora; Opensuse
Vendor: CVE Published:; 16 January 2014

Summary

A buffer overflow vulnerability exists in srtp.c of Libsrtp, allowing remote attackers to exploit inconsistencies in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. This flaw can lead to a denial of service by crashing the application, potentially disrupting secure communications. It is critical for users to ensure that they are using updated versions to mitigate this risk.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://bugzilla.redhat.com/show_bug.cgi?id=970697

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2013/Jun/10

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Jan 16, 2014
Vulnerability Reserved
Feb 19, 2013