FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libsrtp -- DoS via crafted RTP header vulnerability

Affected packages
libsrtp < 1.5.3

Details

VuXML ID 6171eb07-d8a9-11e5-b2bd-002590263bf5
Discovery 2015-11-02
Entry 2016-02-21

libsrtp reports:

Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length. Credit goes to Randell Jesup and the Firefox team for reporting this issue.

References

CVE Name CVE-2015-6360
FreeBSD PR ports/207003
URL https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
URL https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
URL https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
URL https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
URL https://github.com/cisco/libsrtp/releases/tag/v1.5.3