CVE-2013-2139

Published: Jan 16, 2014Modified: Apr 29, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

Affected (16)

Products: Fedoraproject: Fedora · Opensuse: Opensuse · Cisco: Libsrtp

1 product

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 18
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Cisco Libsrtp	Up to 1.4.5
Cisco Libsrtp	Version 1.0.1
Cisco Libsrtp	Version 1.0.2
Cisco Libsrtp	Version 1.0.4
Cisco Libsrtp	Version 1.0.5
Cisco Libsrtp	Version 1.0.6
Cisco Libsrtp	Version 1.3.20
Cisco Libsrtp	Version 1.4.0
Cisco Libsrtp	Version 1.4.1
Cisco Libsrtp	Version 1.4.2
Cisco Libsrtp	Version 1.4.4

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://advisories.mageia.org/MGASA-2014-0465.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html

Source: secalert@redhat.com

http://lwn.net/Articles/579633/

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2013/Jun/10

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-2840

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2014:219

Source: secalert@redhat.com

http://www.osvdb.org/93852

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=970697

Source: secalert@redhat.com

https://github.com/cisco/libsrtp/pull/27

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2014-0465.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lwn.net/Articles/579633/

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2013/Jun/10

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2840

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2014:219

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/93852

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=970697

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/cisco/libsrtp/pull/27

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.