ALAS2-2020-1530 --- libsrtpID: oval:org.secpod.oval:def:1700412 | Date: (C)2020-11-05 (M)2023-08-21 |
Class: PATCH | Family: unix |
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686