Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNU ZRTPCPP 缓冲区溢出漏洞
Vulnerability Description
GNU ZRTPCPP是一个实现了ZRTP密钥的协商协议(C++库),该协议主要用于协商创建端到端安全VoIP电话所需的加密密钥。 GNU ZRTPCPP 3.2.1及之前的版本中存在缓冲区溢出漏洞,该漏洞源于程序没有正确处理Ping数据包。远程攻击者可通过发送特制的数据包利用该漏洞获得敏感信息(未初始化的堆内存)或造成拒绝服务(越边界读取)。
CVSS Information
N/A
Vulnerability Type
N/A