CVE-2016-6271

Опубликовано: 18 янв. 2017

Источник: debian

EPSS Низкий

Описание

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
bzrtp	fixed	1.0.2-1.2		package

Примечания

Fixed by: https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b

EPSS

Процентиль: 91%

0.07377

Низкий

Связанные уязвимости

CVE-2016-6271

CVSS3: 7.5

ubuntu

около 9 лет назад

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.

CVE-2016-6271

CVSS3: 7.5

nvd

около 9 лет назад

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.

openSUSE-SU-2017:0363-1

suse-cvrf

около 9 лет назад

Security update for bzrtp

GHSA-4qx9-9vv8-76v6

CVSS3: 7.5

github

больше 3 лет назад

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.

EPSS

Процентиль: 91%

0.07377

Низкий