Bug 1193667 - (CVE-2021-44847) VUL-1: CVE-2021-44847: c-toxcore: buffer overflow in handle_request in DHT.c leads to remote DoS and potential code execution
VUL-1: CVE-2021-44847: c-toxcore: buffer overflow in handle_request in DHT.c ...
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Eric Schirra
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2021-12-13 11:28 UTC by Carlos López
Modified: 2022-01-29 08:46 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2021-12-13 11:28:03 UTC

A stack-based buffer overflow in handle_request function in DHT.c in toxcore
0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length
calculation during the handling of received network packets) allows remote
attackers to crash the process or potentially execute arbitrary code via a
network packet.

Comment 1 Carlos López 2021-12-13 11:30:19 UTC
Affected codestreams:
 - openSUSE:Backports:SLE-15-SP2
 - openSUSE:Backports:SLE-15-SP3
 - openSUSE:Leap:15.2

Already fixed in openSUSE:Backports:SLE-15-SP4 and openSUSE:Factory.
Comment 2 OBSbugzilla Bot 2021-12-13 14:20:07 UTC
This is an autogenerated message for OBS integration:
This bug (1193667) was mentioned in
https://build.opensuse.org/request/show/940248 15.2+Backports:SLE-15-SP1+Backports:SLE-15-SP2+Backports:SLE-15-SP3 / c-toxcore
Comment 3 Swamp Workflow Management 2021-12-30 20:21:01 UTC
openSUSE-SU-2021:1640-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1193667
CVE References: CVE-2021-44847
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    c-toxcore-0.2.13-lp152.3.3.1
openSUSE Backports SLE-15-SP3 (src):    c-toxcore-0.2.13-bp153.2.3.1
openSUSE Backports SLE-15-SP2 (src):    c-toxcore-0.2.13-bp152.4.3.1
openSUSE Backports SLE-15-SP1 (src):    c-toxcore-0.2.13-bp151.3.3.1
Comment 4 Eric Schirra 2022-01-29 08:46:21 UTC
New version is distributed.