Vulnerability Description
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
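The description above names the bug class without showing it: a crypto policy advertises one authentication-tag length to the caller, and the protect routine writes a trailer sized from a different source, so a buffer the caller sized from the policy is overrun. The block below is a constructed model of that pattern, added here as an illustration; it is not libsrtp's code or API, every `model_` name and the profile ids are hypothetical, and the "tag" is a constant fill rather than a real MAC. It places the caller's buffer inside a larger backing array with a canary after it, runs an unchecked protect step to count the bytes that spill past the caller's buffer, and then shows the hardened form that refuses mismatched lengths and checks capacity before writing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the CVE-2013-2139 bug class. Names prefixed
 * "model_" are hypothetical and are NOT libsrtp's code or API. */

enum {
    MODEL_OK = 0,
    MODEL_ERR_BAD_PARAM = 1,   /* policy and auth function disagree */
    MODEL_ERR_NO_ROOM = 2      /* caller's buffer cannot hold the trailer */
};

enum {
    MODEL_PROFILE_TAG80 = 1,        /* consistent: 10-byte tag everywhere */
    MODEL_PROFILE_TAG32_BROKEN = 2  /* constructed inconsistency: 4 vs 10 */
};

typedef struct { size_t auth_tag_len; } model_policy_t; /* advertised to caller */
typedef struct { size_t tag_len; } model_auth_t;        /* actually written */

/* Stand-in for a profile-to-policy setter: the "broken" profile fills the
 * two length fields inconsistently on purpose. */
int model_policy_from_profile(model_policy_t *p, model_auth_t *a, int profile)
{
    switch (profile) {
    case MODEL_PROFILE_TAG80:        p->auth_tag_len = 10; a->tag_len = 10; return MODEL_OK;
    case MODEL_PROFILE_TAG32_BROKEN: p->auth_tag_len = 4;  a->tag_len = 10; return MODEL_OK;
    default:                         return MODEL_ERR_BAD_PARAM;
    }
}

/* Vulnerable pattern: appends a->tag_len bytes after the packet and never
 * compares that against the capacity the caller sized from the policy. */
int model_protect_unchecked(const model_auth_t *a, uint8_t *buf, size_t pkt_len, size_t *out_len)
{
    memset(buf + pkt_len, 0xAB, a->tag_len);   /* constant fill stands in for the MAC */
    *out_len = pkt_len + a->tag_len;
    return MODEL_OK;
}

/* Hardened pattern: one source of truth for the tag length, and a room
 * check before any write. */
int model_protect_checked(const model_policy_t *p, const model_auth_t *a,
                          uint8_t *buf, size_t pkt_len, size_t buf_cap, size_t *out_len)
{
    if (p->auth_tag_len != a->tag_len)
        return MODEL_ERR_BAD_PARAM;
    if (pkt_len > buf_cap || a->tag_len > buf_cap - pkt_len)
        return MODEL_ERR_NO_ROOM;
    memset(buf + pkt_len, 0xAB, a->tag_len);
    *out_len = pkt_len + a->tag_len;
    return MODEL_OK;
}

#define MODEL_BACKING_LEN 64
#define MODEL_PKT_LEN     20
#define MODEL_CANARY      0xCC

/* Runs the unchecked protect on a constructed 20-byte packet. The caller's
 * buffer is pkt_len + policy.auth_tag_len bytes, as a caller following the
 * policy would size it; the rest of the backing array is canary. Returns
 * the number of canary bytes clobbered (0 means no overflow). */
size_t model_canary_bytes_clobbered(int profile)
{
    uint8_t backing[MODEL_BACKING_LEN];
    model_policy_t pol;
    model_auth_t auth;
    size_t cap, out_len, i, clobbered = 0;

    if (model_policy_from_profile(&pol, &auth, profile) != MODEL_OK)
        return (size_t)-1;
    cap = MODEL_PKT_LEN + pol.auth_tag_len;
    memset(backing, 0x00, cap);                                  /* constructed payload */
    memset(backing + cap, MODEL_CANARY, MODEL_BACKING_LEN - cap); /* canary past the buffer */

    model_protect_unchecked(&auth, backing, MODEL_PKT_LEN, &out_len);

    for (i = cap; i < MODEL_BACKING_LEN; i++)
        if (backing[i] != MODEL_CANARY)
            clobbered++;
    return clobbered;
}

/* Same set-up through the checked protect; returns its result code. */
int model_checked_result(int profile)
{
    uint8_t backing[MODEL_BACKING_LEN];
    model_policy_t pol;
    model_auth_t auth;
    size_t cap, out_len;

    if (model_policy_from_profile(&pol, &auth, profile) != MODEL_OK)
        return MODEL_ERR_BAD_PARAM;
    cap = MODEL_PKT_LEN + pol.auth_tag_len;
    memset(backing, 0x00, cap);
    return model_protect_checked(&pol, &auth, backing, MODEL_PKT_LEN, cap, &out_len);
}

int main(void)
{
    printf("consistent: %zu canary bytes clobbered, checked rc=%d\n",
           model_canary_bytes_clobbered(MODEL_PROFILE_TAG80), model_checked_result(MODEL_PROFILE_TAG80));
    printf("broken:     %zu canary bytes clobbered, checked rc=%d\n",
           model_canary_bytes_clobbered(MODEL_PROFILE_TAG32_BROKEN), model_checked_result(MODEL_PROFILE_TAG32_BROKEN));
    return 0;
}
```

In the model the broken profile overruns the caller's 24-byte buffer by six bytes, which the canary makes visible without undefined behaviour because the backing array is larger than the write. The practitioner's takeaway is the same for the real library: the length a policy reports and the length the protect path writes must come from one place, and callers of srtp_protect must leave room for the trailer the library appends (libsrtp documents this as SRTP_MAX_TRAILER_LEN) rather than sizing the buffer to the bare RTP packet.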
CVSS Score
2.6 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 18 |
| Opensuse | Opensuse | 12.3 |
| Cisco | Libsrtp | <= 1.4.5 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2014-0465.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
- http://lwn.net/Articles/579633/
- http://seclists.org/fulldisclosure/2013/Jun/10
- http://www.debian.org/security/2014/dsa-2840
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:219
- http://www.osvdb.org/93852
- https://bugzilla.redhat.com/show_bug.cgi?id=970697
- https://github.com/cisco/libsrtp/pull/27
FAQ
What is CVE-2013-2139?
CVE-2013-2139 is a vulnerability with a CVSS score of 2.6 (LOW). Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
How severe is CVE-2013-2139?
CVE-2013-2139 has been rated LOW with a CVSS base score of 2.6/10. The reported impact is a remotely triggerable crash (denial of service), not code execution; this page reproduces only the base score, not the individual CVSS metrics.
Is there a patch for CVE-2013-2139?
Yes. The upstream fix is the cisco/libsrtp pull request listed in the references (https://github.com/cisco/libsrtp/pull/27); libsrtp releases after 1.4.5 carry it. Distribution updates are listed in the same section: Debian DSA-2840, Mageia MGASA-2014-0465, Mandriva MDVSA-2014:219, and the openSUSE updates for 12.3. Affected products include: Fedoraproject Fedora 18, Opensuse Opensuse 12.3, Cisco Libsrtp <= 1.4.5.