CVE-2013-2139
Published Jan 16, 2014
Last updated 6 years ago
Overview
- Description
- Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:libsrtp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0366C4E-3BB9-4213-AC34-E6468361CB30",
"versionEndIncluding": "1.4.5"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E0C77E7-FCE4-4F98-877C-4D42FE151922"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "788EFE4D-6D30-4441-81F3-FC175E093630"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4ADFEF4E-BA80-4EB0-92DB-24C12C796B5A"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABFA2003-55AB-41E7-92D6-CD311A9948E3"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56BA5BC7-1B3B-4390-A4AD-1914E924DE7C"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.3.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8278F0E-7562-4B03-B431-1FF8256C1602"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "162F62DE-8CD6-4677-B643-929D959480AB"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34931F97-C976-46BA-958F-DCF161952045"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEA1CDFC-6D85-4596-ACEF-D43B59737454"
},
{
"criteria": "cpe:2.3:a:cisco:libsrtp:1.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CB51CAE-05B6-4542-B934-D94C381BC2B0"
}
],
"operator": "OR"
}
]
}
]