Debian: 2840-1: srtp: buffer overflow

Posted by Ridcully on Jan 14, 2014 3:26 AM EDT; By Benjamin D. Thomas
Mail this story
Print this story

Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies applies cryptographic profiles to an srtp_policy. A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.

Full Story

» Read more about: Story Type: Security; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.