CVE-2015-6360

Name: CVE-2015-6360
Description: The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-393-1, DSA-3539-1
NVD severity: high (attack range: remote)
Debian Bugs: 807698

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| srtp (PTS) | wheezy, wheezy (security) | 1.4.4+20100615~dfsg-2+deb7u2 | fixed |
| srtp (PTS) | jessie (security), jessie | 1.4.5~20130609~dfsg-1.1+deb8u1 | fixed |
| srtp (PTS) | buster, stretch, sid | 1.4.5~20130609~dfsg-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| srtp | source | (unstable) | 1.4.5~20130609~dfsg-1.2 | high | | 807698 |
| srtp | source | experimental | 1.5.3~dfsg-1 | high | | |
| srtp | source | jessie | 1.4.5~20130609~dfsg-1.1+deb8u1 | high | DSA-3539-1 | |
| srtp | source | squeeze | 1.4.4~dfsg-6+deb6u2 | high | DLA-393-1 | |
| srtp | source | wheezy | 1.4.4+20100615~dfsg-2+deb7u2 | high | DSA-3539-1 | |

Notes

Fix: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
Fixup: https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
Fixup: https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
Fixup: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
