Details of VAR-201401-0088

ID

VAR-201401-0088

CVE

CVE-2013-2139

TITLE

SRTP of Libsrtp of srtp.c Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2013-005852

DESCRIPTION

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. libsrtp is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. RTP is used for Voice over IP (VoIP) and audio and video streaming. SRTP adds privacy and authentication. There are buffer overflow vulnerabilities in the 'crypto_policy_set_from_profile_for_rtp' and 'srtp_protect' functions in the srtp.c file of the libsrtp library in srtp 1.4.5 and earlier versions. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2139 http://advisories.mageia.org/MGASA-2014-0465.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: e0447c9fa33ab8edce9657a5dce43fc7 mbs1/x86_64/srtp-1.4.4-3.1.mbs1.x86_64.rpm 745fcb1bd29913e979132a27511dd807 mbs1/SRPMS/srtp-1.4.4-3.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2840-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : srtp Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-2139 Debian Bug : 711163 Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4~dfsg-6+deb6u1. For the stable distribution (wheezy), this problem has been fixed in version 1.4.4+20100615~dfsg-2+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.4.5~20130609~dfsg-1. For the unstable distribution (sid), this problem has been fixed in version 1.4.5~20130609~dfsg-1. We recommend that you upgrade your srtp packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libsrtp security and bug fix update Advisory ID: RHSA-2020:3873-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3873 Issue date: 2020-09-29 CVE Names: CVE-2013-2139 CVE-2015-6360 ==================================================================== 1. Summary: An update for libsrtp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libsrtp package provides an implementation of the Secure Real-time Transport Protocol (SRTP), the Universal Security Transform (UST), and a supporting cryptographic kernel. Security Fix(es): * libsrtp: improper handling of CSRC count and extension header length in RTP header (CVE-2015-6360) * libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 970697 - CVE-2013-2139 libsrtp: buffer overflow in application of crypto profiles 1301202 - libsrtp global-buffer-overflow 1323702 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header 1323705 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header [rhel-7] 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm ppc64: libsrtp-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm ppc64le: libsrtp-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm s390x: libsrtp-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64.rpm ppc64le: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64le.rpm s390x: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390x.rpm x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-2139 https://access.redhat.com/security/cve/CVE-2015-6360 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OeoNzjgjWX9erEAQiDzQ/+IXUAdmMRlgeg/t8Z+ApQ4ur4BxO/WRBl 5Nd8anDnQzl3uduHgXz7AcsbON2M/jWq5xUfgdydHT8fEQ7g814QbTeNMsbEQ1zS Cuv1XztiGKy5fY5my3P80+kM+tL5uFfZ22oJqpSfS7sqGFzWEl1j+TldgURSva1G XbNudX77Gp975wMDVPJlA9S9Puf59Cz6DQaoYu5Fqzwka8z1RWOdR1IfFlAcBGrO NODvSxOZB+FDzvwikgoVTNay+e7ct+Yb1Ygg1nsGjyexinkchiuKDX2Mnv1Sc/JP vaHARZmpN6llZ8Vo++hd8WGFhsIzocqF0dposlj/PmtuoFydu7x5zpluEFc2mVaM pNCwzggc8BforUdoo6z27qqpiU0o/eTmVR97Jtbzm5BTs+28IGwg6iz374VdoAeP wy1XTj2WBw0ys+0UVkAxwiSWit6RuPRhRf85B7IPsW1BwkvPm4nAi45+50cTUQ5S PldnrWd9VILcfmj1ThdevaiFjkHrAZE4HFRxd1V3uIdIwZyvtP7w4wrt8ma51CyZ isP53JER/PhJY4du3deCo4qqca5SyecLTj/gbqXoPQFn6ppUbNacWPwadjDRA5Nu qPQVoSW8Z+L91vtqM+SGapuxNN0OuqiPFcWOlMyrM8R8MqKIhTQaTLQZE1vCJx5e AhxrRaOeyWw=X+yJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201405-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libSRTP: Denial of Service Date: May 03, 2014 Bugs: #472302 ID: 201405-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in libSRTP can result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/libsrtp < 1.4.4_p20121108-r1>= 1.4.4_p20121108-r1 Description =========== A flaw was found in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy in libSRTP. Workaround ========== There is no known workaround at this time. Resolution ========== All libSRTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-libs/libsrtp-1.4.4_p20121108-r1" References ========== [ 1 ] CVE-2013-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2139 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.34

sources: NVD: CVE-2013-2139 // JVNDB: JVNDB-2013-005852 // BID: 60323 // VULHUB: VHN-62141 // PACKETSTORM: 129219 // PACKETSTORM: 124742 // PACKETSTORM: 159345 // PACKETSTORM: 126477

AFFECTED PRODUCTS

vendor:	cisco	model:	libsrtp	scope:	lte	version:	1.4.5	Trust: 1.8
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.4.0	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.4.1	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.0.5	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.0.4	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.4.2	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.3.20	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.0.6	Trust: 1.6
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	cisco	model:	libsrtp	scope:	eq	version:	1.4.4	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	19	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	18	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	fedora	model:	fedora	scope:	eq	version:	18	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	eq	version:	19	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	eq	version:	20	Trust: 0.8
vendor:	novell	model:	opensuse	scope:	eq	version:	12.3	Trust: 0.8
vendor:	mandriva	model:	business server	scope:	eq	version:	1x8664	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	cisco	model:	libsrtp	scope:	eq	version:	0	Trust: 0.3

sources: BID: 60323 // JVNDB: JVNDB-2013-005852 // CNNVD: CNNVD-201306-056 // NVD: CVE-2013-2139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2139
value:	LOW
Trust: 1.0
NVD:	CVE-2013-2139
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201306-056
value:	LOW
Trust: 0.6
VULHUB:	VHN-62141
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-2139
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-62141
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-62141 // JVNDB: JVNDB-2013-005852 // CNNVD: CNNVD-201306-056 // NVD: CVE-2013-2139

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-62141 // JVNDB: JVNDB-2013-005852 // NVD: CVE-2013-2139

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 129219 // PACKETSTORM: 124742 // CNNVD: CNNVD-201306-056

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201306-056

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005852

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-62141

PATCH

title:	DSA-2840	url:	http://www.debian.org/security/2014/dsa-2840	Trust: 0.8
title:	FEDORA-2013-24153	url:	http://lwn.net/Articles/579633/	Trust: 0.8
title:	Docupdate	url:	https://github.com/cisco/libsrtp/pull/27	Trust: 0.8
title:	openSUSE-SU-2013:1258	url:	http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html	Trust: 0.8
title:	Bug 970697	url:	https://bugzilla.redhat.com/show_bug.cgi?id=970697	Trust: 0.8
title:	srtp	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47629	Trust: 0.6

sources: JVNDB: JVNDB-2013-005852 // CNNVD: CNNVD-201306-056

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2139	Trust: 3.2
db:	OSVDB	id:	93852	Trust: 1.1
db:	PACKETSTORM	id:	159345	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-005852	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-056	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3354	Trust: 0.6
db:	BID	id:	60323	Trust: 0.4
db:	PACKETSTORM	id:	124742	Trust: 0.2
db:	PACKETSTORM	id:	129219	Trust: 0.2
db:	PACKETSTORM	id:	126477	Trust: 0.2
db:	VULHUB	id:	VHN-62141	Trust: 0.1

sources: VULHUB: VHN-62141 // BID: 60323 // JVNDB: JVNDB-2013-005852 // PACKETSTORM: 129219 // PACKETSTORM: 124742 // PACKETSTORM: 159345 // PACKETSTORM: 126477 // CNNVD: CNNVD-201306-056 // NVD: CVE-2013-2139

REFERENCES

url:	http://advisories.mageia.org/mgasa-2014-0465.html	Trust: 2.0
url:	https://bugzilla.redhat.com/show_bug.cgi?id=970697	Trust: 1.4
url:	http://seclists.org/fulldisclosure/2013/jun/10	Trust: 1.1
url:	http://www.osvdb.org/93852	Trust: 1.1
url:	http://www.debian.org/security/2014/dsa-2840	Trust: 1.1
url:	http://lwn.net/articles/579633/	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2014:219	Trust: 1.1
url:	https://github.com/cisco/libsrtp/pull/27	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2139	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2139	Trust: 0.8
url:	https://packetstormsecurity.com/files/159345/red-hat-security-advisory-2020-3873-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3354/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libsrtp-buffer-overflow-via-crypto-policy-set-from-profile-for-rtp-33458	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2139	Trust: 0.4
url:	https://github.com/cisco/libsrtp#readme	Trust: 0.3
url:	https://github.com/cisco/libsrtp/issues/24	Trust: 0.3
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6360	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2013-2139	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6360	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3873	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201405-02.xml	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2139	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 159345 // CNNVD: CNNVD-201306-056

SOURCES

db:	VULHUB	id:	VHN-62141
db:	BID	id:	60323
db:	JVNDB	id:	JVNDB-2013-005852
db:	PACKETSTORM	id:	129219
db:	PACKETSTORM	id:	124742
db:	PACKETSTORM	id:	159345
db:	PACKETSTORM	id:	126477
db:	CNNVD	id:	CNNVD-201306-056
db:	NVD	id:	CVE-2013-2139

LAST UPDATE DATE

2024-08-14T14:46:50.050000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-62141	date:	2018-10-30T00:00:00
db:	BID	id:	60323	date:	2015-04-13T22:20:00
db:	JVNDB	id:	JVNDB-2013-005852	date:	2015-08-11T00:00:00
db:	CNNVD	id:	CNNVD-201306-056	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2013-2139	date:	2018-10-30T16:27:34.687

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-62141	date:	2014-01-16T00:00:00
db:	BID	id:	60323	date:	2013-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-005852	date:	2014-01-20T00:00:00
db:	PACKETSTORM	id:	129219	date:	2014-11-21T18:56:48
db:	PACKETSTORM	id:	124742	date:	2014-01-10T22:09:45
db:	PACKETSTORM	id:	159345	date:	2020-09-30T15:42:49
db:	PACKETSTORM	id:	126477	date:	2014-05-05T17:14:00
db:	CNNVD	id:	CNNVD-201306-056	date:	2013-06-07T00:00:00
db:	NVD	id:	CVE-2013-2139	date:	2014-01-16T05:05:23.947