FKIE_CVE-2013-2139

Vulnerability from fkie_nvd - Published: 2014-01-16 05:05 - Updated: 2025-04-11 00:51
Severity ?
Summary
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0465.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
secalert@redhat.comhttp://lwn.net/Articles/579633/
secalert@redhat.comhttp://seclists.org/fulldisclosure/2013/Jun/10
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2840
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:219
secalert@redhat.comhttp://www.osvdb.org/93852
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=970697
secalert@redhat.comhttps://github.com/cisco/libsrtp/pull/27
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0465.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
af854a3a-2127-422b-91ae-364da2661108http://lwn.net/Articles/579633/
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2013/Jun/10
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2840
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2014:219
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/93852
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=970697
af854a3a-2127-422b-91ae-364da2661108https://github.com/cisco/libsrtp/pull/27
Impacted products
Vendor Product Version
fedoraproject fedora 18
fedoraproject fedora 19
fedoraproject fedora 20
opensuse opensuse 12.3
opensuse opensuse 13.1
cisco libsrtp *
cisco libsrtp 1.0.1
cisco libsrtp 1.0.2
cisco libsrtp 1.0.4
cisco libsrtp 1.0.5
cisco libsrtp 1.0.6
cisco libsrtp 1.3.20
cisco libsrtp 1.4.0
cisco libsrtp 1.4.1
cisco libsrtp 1.4.2
cisco libsrtp 1.4.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0366C4E-3BB9-4213-AC34-E6468361CB30",
              "versionEndIncluding": "1.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0C77E7-FCE4-4F98-877C-4D42FE151922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "788EFE4D-6D30-4441-81F3-FC175E093630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ADFEF4E-BA80-4EB0-92DB-24C12C796B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFA2003-55AB-41E7-92D6-CD311A9948E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BA5BC7-1B3B-4390-A4AD-1914E924DE7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8278F0E-7562-4B03-B431-1FF8256C1602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "162F62DE-8CD6-4677-B643-929D959480AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "34931F97-C976-46BA-958F-DCF161952045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA1CDFC-6D85-4596-ACEF-D43B59737454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB51CAE-05B6-4542-B934-D94C381BC2B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en srtp.c en libsrtp en srtp 1.4.5 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con una inconsistencia en la longitud de las funciones  crypto_policy_set_from_profile_for_rtp y  srtp_protect."
    }
  ],
  "id": "CVE-2013-2139",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-16T05:05:23.947",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0465.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lwn.net/Articles/579633/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2013/Jun/10"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2840"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:219"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/93852"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970697"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/cisco/libsrtp/pull/27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0465.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lwn.net/Articles/579633/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2013/Jun/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2840"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/93852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/cisco/libsrtp/pull/27"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.