CVE-2013-2139
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
16/01/2014
Last modified:
11/04/2025
Description
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
Impact
Base Score 2.0
2.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:*:*:*:*:*:*:*:* | 1.4.5 (including) | |
| cpe:2.3:a:cisco:libsrtp:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.3.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:libsrtp:1.4.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://advisories.mageia.org/MGASA-2014-0465.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
- http://lwn.net/Articles/579633/
- http://seclists.org/fulldisclosure/2013/Jun/10
- http://www.debian.org/security/2014/dsa-2840
- http://www.mandriva.com/security/advisories?name=MDVSA-2014%3A219
- http://www.osvdb.org/93852
- https://bugzilla.redhat.com/show_bug.cgi?id=970697
- https://github.com/cisco/libsrtp/pull/27
- http://advisories.mageia.org/MGASA-2014-0465.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
- http://lwn.net/Articles/579633/
- http://seclists.org/fulldisclosure/2013/Jun/10
- http://www.debian.org/security/2014/dsa-2840
- http://www.mandriva.com/security/advisories?name=MDVSA-2014%3A219
- http://www.osvdb.org/93852
- https://bugzilla.redhat.com/show_bug.cgi?id=970697
- https://github.com/cisco/libsrtp/pull/27