Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-44847

A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.

Related bugs and status

CVE-2021-44847 (Candidate) is related to these bugs:

Bug #1955700: Stack-based buffer overflow vulnerability in UDP packet handling (CVE-2021-44847)

Summary				In	Importance	Status
	1955700	Stack-based buffer overflow vulnerability in UDP packet handling (CVE-2021-44847)		libtoxcore (Ubuntu)	Undecided	New
	1955700	Stack-based buffer overflow vulnerability in UDP packet handling (CVE-2021-44847)		libtoxcore (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/Tok...
FEDORA: FEDORA-2021-8026e9b394
FEDORA: FEDORA-2021-8b746a32c5