The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
{ "binaries": [ { "binary_name": "libbzrtp-dev", "binary_version": "1.0.2-1.2build0.16.04.1" }, { "binary_name": "libbzrtp0", "binary_version": "1.0.2-1.2build0.16.04.1" }, { "binary_name": "libbzrtp0-dbg", "binary_version": "1.0.2-1.2build0.16.04.1" }, { "binary_name": "libbzrtp0-dbgsym", "binary_version": "1.0.2-1.2build0.16.04.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "libbzrtp-dev", "binary_version": "1.0.6-2" }, { "binary_name": "libbzrtp0", "binary_version": "1.0.6-2" }, { "binary_name": "libbzrtp0-dbgsym", "binary_version": "1.0.6-2" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }