Bugzilla – Bug 1193667
VUL-1: CVE-2021-44847: c-toxcore: buffer overflow in handle_request in DHT.c leads to remote DoS and potential code execution
Last modified: 2022-01-29 08:46:21 UTC
A stack-based buffer overflow in the handle_request function in DHT.c in toxcore
0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length
calculation during the handling of received network packets) allows remote
attackers to crash the process or potentially execute arbitrary code via a
Already fixed in openSUSE:Backports:SLE-15-SP4 and openSUSE:Factory.
This is an autogenerated message for OBS integration:
This bug (1193667) was mentioned in
https://build.opensuse.org/request/show/940248 15.2+Backports:SLE-15-SP1+Backports:SLE-15-SP2+Backports:SLE-15-SP3 / c-toxcore
openSUSE-SU-2021:1640-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1193667
CVE References: CVE-2021-44847
openSUSE Leap 15.2 (src): c-toxcore-0.2.13-lp184.108.40.206
openSUSE Backports SLE-15-SP3 (src): c-toxcore-0.2.13-bp220.127.116.11
openSUSE Backports SLE-15-SP2 (src): c-toxcore-0.2.13-bp18.104.22.168
openSUSE Backports SLE-15-SP1 (src): c-toxcore-0.2.13-bp22.214.171.124
New version is distributed.