CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
75.4%
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator
before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear
whether this issue crosses privilege boundaries.
Author | Note |
---|---|
jdstrand | according to http://bugs.digium.com/view.php?id=5413#39752, Ingate’s libsrtp is based on Cisco’s libsrtp (which is what is in universe). This lib is BSD licensed and I can’t find Ingate’s source. As such, I am leaving this as ‘needs-triage’ |
mdeslaur | no details that srtp was ever affected by this, let’s ignore |