Re: CVE request: Multiple issues in GNU ZRTPCPP
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 30 Jun 2013 16:27:55 -0600
-----BEGIN PGP SIGNED MESSAGE-----
On 06/29/2013 08:05 AM, Dan Rosenberg wrote:
> I'd like to request CVEs for multiple security vulnerabilities
> discovered, reported, and published by Mark Dowd of Azimuth
> Security in GNU ZRTPCPP, an open-source ZRTP implementation used in
> a number of "secure phone" solutions:

guess since this is on the front page of Slashdot I should get the
CVEs for it out =)

> 1. Remote heap overflow
> A remote attacker can cause a heap-based buffer overflow by sending
> an overly-large ZRTP packet of several possible types, including a
> "Hello" packet. Successful exploitation would allow an attacker to
> execute arbitrary code in the context of a vulnerable application.

Please use CVE-2013-2221 for this issue.

> 2. Multiple remote stack overflows
> A remote attacker can cause multiple stack-based buffer overflows
> by sending a malformed ZRTP Hello packet with an overly-large value
> in certain fields, including the count of public keys. Exploitation
> may be difficult due to the details of the layout of stack
> variables in memory, but successful exploitation would allow an
> attacker to execute arbitrary code in the context of a vulnerable

Please use CVE-2013-2222 for this issue.

> 3. Multiple remote heap memory disclosures
> By sending a truncated ZRTP Ping packet, the response packet will
> include several bytes of the affected application's heap memory due
> to a lack of validation on the incoming packet. This flaw could be
> exploited to gain knowledge about the heap state of an affected
> application to enable further attacks, or potentially reveal
> sensitive information stored on the heap.

Please use CVE-2013-2223 for this issue.

> The fixes for all of these flaws were included in the following
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
-----END PGP SIGNATURE-----
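
The three classes of flaw described in the message above come down to missing length and count checks on received packets. The following is an added example, not part of the original message and not GNU ZRTPCPP's code: bounds-checked packet handling in C over a constructed, simplified layout. The message types, field offsets, size limits and function names are assumptions made for illustration and do not reproduce the ZRTP wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified layout (NOT the ZRTP wire format):
 *   byte 0  message type (1 = Hello, 2 = Ping)
 *   Hello:  byte 1 = key count, then count * 4-byte key-type names
 *   Ping:   bytes 1..8 = endpoint hash that the reply echoes back */
enum { MSG_HELLO = 1, MSG_PING = 2 };
enum { MAX_MSG = 256, MAX_KEYS = 7, KEY_LEN = 4, HASH_LEN = 8 };

struct hello { uint8_t nkeys; uint8_t keys[MAX_KEYS][KEY_LEN]; };

/* Issue 1 class: copy a datagram into a fixed-size buffer. Oversized
 * input is rejected, never copied and never silently truncated. */
int store_packet(uint8_t dst[MAX_MSG], const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len == 0 || len > MAX_MSG) return -1;
    memcpy(dst, pkt, len);
    return 0;
}

/* Issue 2 class: a sender-supplied count must fit both the local
 * fixed-size array and the number of bytes actually received. */
int parse_hello(const uint8_t *pkt, size_t len, struct hello *out)
{
    if (len < 2 || pkt[0] != MSG_HELLO) return -1;
    size_t n = pkt[1];
    if (n > MAX_KEYS) return -1;            /* would overrun out->keys */
    if (len - 2 < n * KEY_LEN) return -1;   /* would read past the packet */
    out->nkeys = (uint8_t)n;
    memcpy(out->keys, pkt + 2, n * KEY_LEN);
    return 0;
}

/* Issue 3 class: echo a field only if all of it was received, so the
 * reply never carries bytes that lie beyond the end of the packet. */
int build_ping_reply(const uint8_t *pkt, size_t len,
                     uint8_t reply[1 + HASH_LEN])
{
    if (len < 1 + HASH_LEN || pkt[0] != MSG_PING) return -1;
    reply[0] = MSG_PING;
    memcpy(reply + 1, pkt + 1, HASH_LEN);
    return 0;
}
```

Each function returns -1 and leaves its output untouched when a check fails, so a caller can drop the packet without sending any response built from unvalidated data.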