SilentCircle may also be vulnerable to this DoS against the PolarSSL library: http://bureauofsabotage.com/report001.txt
Apparently, an attacker can send the PolarSSL lib into an infinite loop with a malformed certificate. It affects versions 1.1.0 up to 1.2.8. SilentCircle is using 1.1.1 here: https://github.com/SilentCircle/silent-phone-android/blob/ffd18e90251db4964db210d6348352465531544e/jni/Android.mk#L60

On Thu, Jun 27, 2013 at 9:11 AM, Nadim Kobeissi <[email protected]> wrote:
> Thanks to Arturo Filastò for pointing this out:
> https://github.com/SilentCircle/silent-phone-base/issues/5
>
> Many remotely executable overflows in the ZRTP library used by Silent
> Circle.
>
> NK
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at [email protected] or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
