Vulnerability 1. Remote Heap Overflow: If an attacker sends a
packet larger than 1024 bytes that gets stored temporarily (which
occurs many times - such as when sending a ZRTP Hello packet), a
heap overflow will occur, leading to potential arbitrary code
execution on the vulnerable host.
Vulnerability 2. Multiple Stack Overflows: ZRTPCPP contains
multiple stack overflows that arise when preparing a response
to a client's ZRTP Hello packet.
Vulnerability 3. Information Leaking / Out of Bounds Reads:
The ZRTPCPP library performs very little validation regarding the
expected size of a packet versus the actual amount of data
received. This can lead to both information leaking and out
of bounds data reads (usually resulting in a crash).
Information leaking can be performed for example by sending
a malformed ZRTP Ping packet.