CVE-2013-2139: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Libsrtp

Severity: 2.6 LOW (NVD)
EPSS: 1.8% (top 17.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16; latest update May 14

Description

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

CVSS vector

AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9

Affected Packages (2 packages)

NVD: cisco/libsrtp 1.4.5 (+10)
NVD: opensuse/opensuse 12.3, 13.1 (+1)

Also affects: Fedora 18, 19, 20

🔴 Vulnerability Details (2)

GHSA: GHSA-p6g5-gwj7-cvr6: Buffer overflow in srtp (2022-05-14)
CVEList: CVE-2013-2139: Buffer overflow in srtp (2014-01-16)

📋 Vendor Advisories (1)

Red Hat: libsrtp: buffer overflow in application of crypto profiles (2013-05-30)

💬 Community (1)

Bugzilla: CVE-2013-2139 libsrtp: buffer overflow in application of crypto profiles (2013-06-04)