1.0.3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

bzrtp-project

CWE-254

nessus

NVD

Published: 2017-01-18

Updated: 2017-08-03

Summary

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.

Vulnerable Configurations

Part	Description	Count
Application	Bzrtp_Project Bzrtp Project Bzrtp 1.0.0 Bzrtp Project Bzrtp 1.0.2 Bzrtp Project Bzrtp 1.0.3	3

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-193.NASL
description	This update for bzrtp fixes one security issue. The following vulnerability was fixed : - CVE-2016-6271: missing HVI check on DHPart2 packet reception may have allowed man-in-the-middle attackers to conduct spoofing attacks boo#1020844)
last seen	2020-06-05
modified	2017-02-02
plugin id	96944
published	2017-02-02
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96944
title	openSUSE Security Update : bzrtp (openSUSE-2017-193)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References