oss-sec mailing list archives
CVE request: libsrtp buffer overflow flaw
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 4 Jun 2013 09:51:41 -0600
A buffer overflow flaw was reported in libsrtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. This could allow for a crash of a client linked against libsrtp (like asterisk or linphone). A pull request in git has a patch to correct this issue (doesn't look like it's been merged into master yet though). References: http://seclists.org/fulldisclosure/2013/Jun/10 https://github.com/cisco/libsrtp/pull/26 https://bugzilla.redhat.com/show_bug.cgi?id=970697 As an aside, when I was poking around in github, I also found this but I don't know anything about libsrtp so I don't know if this is something that can be triggered by a remote user or if this is just a hardening thing, but the commit message is "Security fix to not ignore RTCP encryption, if required." https://github.com/cisco/libsrtp/commit/8ad50a05279b61a382da3cc730ff1560ab4272e8 Is there someone more familiar with libsrtp that might be able to comment on whether or not this is a flaw (so can a remote user request to disable encryption and do ... something?) --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried (Jun 04)