The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
{ "binaries": [ { "binary_version": "1.0.2-1.2build0.16.04.1", "binary_name": "libbzrtp-dev" }, { "binary_version": "1.0.2-1.2build0.16.04.1", "binary_name": "libbzrtp0" }, { "binary_version": "1.0.2-1.2build0.16.04.1", "binary_name": "libbzrtp0-dbg" }, { "binary_version": "1.0.2-1.2build0.16.04.1", "binary_name": "libbzrtp0-dbgsym" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "1.0.6-2", "binary_name": "libbzrtp-dev" }, { "binary_version": "1.0.6-2", "binary_name": "libbzrtp0" }, { "binary_version": "1.0.6-2", "binary_name": "libbzrtp0-dbgsym" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }