DescriptionGNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- openSUSE-SU-2013:1599-1, published Tue, 29 Oct 2013 12:04:12 +0100 (CET)
- openSUSE-SU-2013:1600-1, published Tue, 29 Oct 2013 14:04:11 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA libzrtpcpp-devel-4.6.4-1.1