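The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. In ZRTP, the hvi ("hash value of initiator") is the hash commitment the initiator sends in its Commit message; the responder is expected to verify that the DHPart2 packet it later receives matches that commitment, and affected versions skip this verification.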
[
{
"digest": {
"line_hashes": [
"39193105924607668272250138042150215915",
"161611720945893536351843179455825897374",
"59026929521637232435871698970082381378",
"121046430960441798993995952367385948002"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-6271-7e03ca87",
"target": {
"file": "test/bzrtpTest.c"
},
"source": "https://github.com/belledonnecommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b"
},
{
"digest": {
"length": 12311.0,
"function_hash": "66355637971267211944685175048683152851"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-6271-80760305",
"target": {
"file": "src/packetParser.c",
"function": "bzrtp_packetParser"
},
"source": "https://github.com/belledonnecommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b"
},
{
"digest": {
"line_hashes": [
"72925959846706030620584963699996732637",
"113490524439999342149187249345807459014",
"334138754210014708556229831642139801828",
"100172353912423640185507197280053668840",
"293606029472866719560543630395000067264",
"64147902449408370850796313724544928103",
"274456228174394702745469764665481484836",
"7003787851486458467213035817142872979",
"163013223040820777858031349166310093379",
"77506339242188681164775677969084742188",
"327548673615170004622307055585458835816",
"335035038758524611663181775161782953025",
"261194366961044613883088910070508461931",
"196345374842831575354194454214999777207",
"333172544096335675575006705150085187482",
"96968590439802370366782144259403007832",
"151906791414295325389828161078466189906",
"295667856615684346584874383307993272476",
"180767851715536242837363364224127282728",
"107293213705132986484827100554186938197"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-6271-ae5466ff",
"target": {
"file": "test/bzrtpParserTest.c"
},
"source": "https://github.com/belledonnecommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b"
},
{
"digest": {
"length": 4405.0,
"function_hash": "272225868753653681046653979833301609337"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-6271-bb63a3f1",
"target": {
"file": "test/bzrtpParserTest.c",
"function": "test_parser"
},
"source": "https://github.com/belledonnecommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b"
},
{
"digest": {
"line_hashes": [
"279319553541851576540462727661569971516"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-6271-cd806773",
"target": {
"file": "test/bzrtpParserTest.h"
},
"source": "https://github.com/belledonnecommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b"
},
{
"digest": {
"length": 1370.0,
"function_hash": "183045543497994461123045877589364690699"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-6271-f8bbc7b1",
"target": {
"file": "test/bzrtpTest.c",
"function": "main"
},
"source": "https://github.com/belledonnecommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b"
}
]