CVE-2013-2221 Remote Heap Overflow
The ZRtp::storeMsgTemp() function is used to temporarily hold a packet in memory so that it may later be hashed/verified. A buffer overflow exists in this function due to a lack of bounds checking of the size of the source buffer.
CVE-2013-2222 Multiple Stack Overflows
ZRTPCPP contains multiple stack overflows that arise when preparing a response to a client's ZRTP Hello packet.
CVE-2013-2223 Information Leaking / Out of Bounds Reads
The ZRTPCPP library performs very little validation regarding the expected size of a packet versus the actual amount of data received. This can lead to both information leaking and out of bounds data reads (usually resulting in a crash).
=net-libs/libzrtpcpp-2.3.2 is unmasked in amd64, vulnerable to the above exploits, and does not build correctly. Did a version bump of the current ebuild && ebuild libzrtpcpp-2.3.4 digest, and was able to compile without issue.
Arches, please test and stabilize =net-libs/libzrtpcpp-2.3.4. Target arches: amd64 ppc x86. Thanks!
As usual, stabilizing works much better when arches are CC'd.
amd64 stable
x86 stable
ppc stable
GLSA drafted and ready for review.
@maintainers: please clean up affected versions.
Vulnerable versions have been removed from the tree.
This issue was resolved and addressed in GLSA 201309-13 at http://security.gentoo.org/glsa/glsa-201309-13.xml by GLSA coordinator Sean Amoss (ackle).
CVE-2013-2223 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2223): GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.
CVE-2013-2222 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2222): Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.
CVE-2013-2221 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2221): Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.
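The two length checks whose absence CVE-2013-2221 and CVE-2013-2223 describe, as an added example that is not part of this bug report and is not ZRTPCPP code. The function names and the TEMP_MAX capacity are hypothetical; the message layout (0x505a preamble, 16-bit length in 32-bit words, 6-word Ping with the endpoint hash at offset 16) follows RFC 6189.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Layout per RFC 6189; TEMP_MAX is an assumed capacity, not a ZRTPCPP value. */
enum { WORD = 4, TEMP_MAX = 1024, PING_LEN = 6 * WORD, EP_OFF = 16, EP_LEN = 8 };
struct msg_store { uint8_t buf[TEMP_MAX]; size_t len; };

/* Length field: 16-bit big-endian count of 32-bit words at offset 2. */
static size_t declared_len(const uint8_t *p) { return (((size_t)p[2] << 8) | p[3]) * WORD; }

/* Hypothetical checked store: the declared length must fit both the bytes
 * actually received and the destination buffer before anything is copied. */
int store_msg_checked(struct msg_store *s, const uint8_t *pkt, size_t received) {
    if (received < WORD) return -1;
    size_t n = declared_len(pkt);
    if (n < WORD || n > received || n > sizeof s->buf) return -1;
    memcpy(s->buf, pkt, n);
    s->len = n;
    return 0;
}

/* Hypothetical checked accessor: a short Ping is rejected before the hash is read. */
int ping_ep_hash(const uint8_t *pkt, size_t received, uint8_t out[EP_LEN]) {
    if (received < PING_LEN || declared_len(pkt) != PING_LEN) return -1;
    if (pkt[0] != 0x50 || pkt[1] != 0x5a || memcmp(pkt + 4, "Ping    ", 8)) return -1;
    memcpy(out, pkt + EP_OFF, EP_LEN);
    return 0;
}

/* Constructed sample: a well-formed Ping, presented as `received` bytes. */
int try_ping(size_t received) {
    uint8_t p[PING_LEN] = { 0 }, h[EP_LEN];
    memcpy(p, "\x50\x5a\x00\x06" "Ping    " "1.10", 16);
    memset(p + EP_OFF, 0xA5, EP_LEN);
    return ping_ep_hash(p, received, h);
}

/* Constructed sample: header claims `words` words, `received` (<= 64) arrived. */
int try_store(uint16_t words, size_t received) {
    static struct msg_store s;
    uint8_t p[64] = { 0x50, 0x5a, (uint8_t)(words >> 8), (uint8_t)words };
    return store_msg_checked(&s, p, received);
}

int main(void) {
    printf("ping full=%d truncated=%d; store honest=%d inflated=%d\n",
           try_ping(24), try_ping(12), try_store(6, 24), try_store(0x4000, 24));
    return 0;
}
```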