CVE-2013-2221 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
wernerd	zrtpcpp	𝑥 ≤ 3.2.1
wernerd	zrtpcpp	2.1.2
wernerd	zrtpcpp	2.2.0
wernerd	zrtpcpp	2.3.0
wernerd	zrtpcpp	3.0.0:alpha
wernerd	zrtpcpp	3.1.0
wernerd	zrtpcpp	3.2.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

libzrtpcpp

disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	not-affected
xenial	not-affected
wily	ignored
vivid	ignored
utopic	ignored
trusty	dne
saucy	ignored
raring	ignored
quantal	ignored
precise	ignored
lucid	ignored

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html

http://seclists.org/oss-sec/2013/q2/638

http://secunia.com/advisories/53818

http://secunia.com/advisories/54998

http://security.gentoo.org/glsa/glsa-201309-13.xml

https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637

http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html

http://seclists.org/oss-sec/2013/q2/638

http://secunia.com/advisories/53818

http://secunia.com/advisories/54998

http://security.gentoo.org/glsa/glsa-201309-13.xml

https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637