CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
EPSS
Percentile
90.4%
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive
information (uninitialized heap memory) or cause a denial of service
(out-of-bounds read) via a crafted packet, as demonstrated by a truncated
Ping packet that is not properly handled by the getEpHash function.