Vulnerabilites related to toktok - toxcore
CVE-2018-25021 (GCVE-0-2018-25021)
Vulnerability from cvelistv5
Published
2021-12-13 00:53
Modified
2024-08-05 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TokTok/c-toxcore/issues/1214 | x_refsource_MISC | |
| https://github.com/TokTok/c-toxcore/pull/1216 | x_refsource_MISC | |
| https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TokTok/c-toxcore/issues/1214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TCP Server module in toxcore before 0.2.8 doesn\u0027t free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system\u0027s memory, causing a denial of service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T00:53:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TokTok/c-toxcore/issues/1214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-25021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP Server module in toxcore before 0.2.8 doesn\u0027t free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system\u0027s memory, causing a denial of service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TokTok/c-toxcore/issues/1214",
"refsource": "MISC",
"url": "https://github.com/TokTok/c-toxcore/issues/1214"
},
{
"name": "https://github.com/TokTok/c-toxcore/pull/1216",
"refsource": "MISC",
"url": "https://github.com/TokTok/c-toxcore/pull/1216"
},
{
"name": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/",
"refsource": "MISC",
"url": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-25021",
"datePublished": "2021-12-13T00:53:52",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-05T12:26:39.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25022 (GCVE-0-2018-25022)
Vulnerability from cvelistv5
Published
2021-12-13 00:53
Modified
2024-08-05 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TokTok/c-toxcore/issues/873 | x_refsource_MISC | |
| https://github.com/TokTok/c-toxcore/pull/872 | x_refsource_MISC | |
| https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TokTok/c-toxcore/issues/873"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TokTok/c-toxcore/pull/872"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Onion module in toxcore before 0.2.2 doesn\u0027t restrict which packets can be onion-routed, which allows a remote attacker to discover a target user\u0027s IP address (when knowing only their Tox Id) by positioning themselves close to target\u0027s Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target\u0027s DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T00:53:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TokTok/c-toxcore/issues/873"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TokTok/c-toxcore/pull/872"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-25022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Onion module in toxcore before 0.2.2 doesn\u0027t restrict which packets can be onion-routed, which allows a remote attacker to discover a target user\u0027s IP address (when knowing only their Tox Id) by positioning themselves close to target\u0027s Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target\u0027s DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TokTok/c-toxcore/issues/873",
"refsource": "MISC",
"url": "https://github.com/TokTok/c-toxcore/issues/873"
},
{
"name": "https://github.com/TokTok/c-toxcore/pull/872",
"refsource": "MISC",
"url": "https://github.com/TokTok/c-toxcore/pull/872"
},
{
"name": "https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release",
"refsource": "MISC",
"url": "https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-25022",
"datePublished": "2021-12-13T00:53:11",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-05T12:26:39.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44847 (GCVE-0-2021-44847)
Vulnerability from cvelistv5
Published
2021-12-13 00:53
Modified
2024-08-04 04:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TokTok/c-toxcore/pull/1718 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:12.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1718"
},
{
"name": "FEDORA-2021-8026e9b394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/"
},
{
"name": "FEDORA-2021-8b746a32c5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T02:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1718"
},
{
"name": "FEDORA-2021-8026e9b394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/"
},
{
"name": "FEDORA-2021-8b746a32c5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TokTok/c-toxcore/pull/1718",
"refsource": "MISC",
"url": "https://github.com/TokTok/c-toxcore/pull/1718"
},
{
"name": "FEDORA-2021-8026e9b394",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/"
},
{
"name": "FEDORA-2021-8b746a32c5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44847",
"datePublished": "2021-12-13T00:53:26",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-04T04:32:12.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-12-13 01:15
Modified
2024-11-21 04:03
Severity ?
Summary
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/ | Third Party Advisory | |
| cve@mitre.org | https://github.com/TokTok/c-toxcore/issues/1214 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TokTok/c-toxcore/pull/1216 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TokTok/c-toxcore/issues/1214 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TokTok/c-toxcore/pull/1216 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toktok:toxcore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E5F971-61F6-46C9-8E13-EB39CC8C1788",
"versionEndExcluding": "0.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TCP Server module in toxcore before 0.2.8 doesn\u0027t free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system\u0027s memory, causing a denial of service (DoS)."
},
{
"lang": "es",
"value": "El m\u00f3dulo TCP Server en toxcore versiones anteriores a 0.2.8, no libera la cola de prioridad TCP bajo determinadas condiciones, lo que permite a un atacante remoto agotar la memoria del sistema, causando una denegaci\u00f3n de servicio (DoS)"
}
],
"id": "CVE-2018-25021",
"lastModified": "2024-11-21T04:03:22.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-13T01:15:07.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/issues/1214"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/issues/1214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1216"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-13 01:15
Modified
2024-11-21 04:03
Severity ?
Summary
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release | Exploit, Vendor Advisory | |
| cve@mitre.org | https://github.com/TokTok/c-toxcore/issues/873 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/TokTok/c-toxcore/pull/872 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TokTok/c-toxcore/issues/873 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TokTok/c-toxcore/pull/872 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toktok:toxcore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26501D21-71F8-447C-9E4F-84528A58C30E",
"versionEndExcluding": "0.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Onion module in toxcore before 0.2.2 doesn\u0027t restrict which packets can be onion-routed, which allows a remote attacker to discover a target user\u0027s IP address (when knowing only their Tox Id) by positioning themselves close to target\u0027s Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target\u0027s DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node."
},
{
"lang": "es",
"value": "El m\u00f3dulo Onion en toxcore versiones anteriores a 0.2.2, no restringe los paquetes que pueden ser enrutados en forma onion, lo que permite a un atacante remoto detectar la direcci\u00f3n IP de un usuario objetivo (cuando s\u00f3lo conoce su Tox Id) al posicionarse cerca del Tox Id del objetivo en el DHT para que el objetivo establezca una conexi\u00f3n en forma onion con el atacante, adivinando la clave p\u00fablica del DHT del objetivo y creando un nodo DHT con clave p\u00fablica cerca de \u00e9l, y finalmente enrutando en forma de cebolla una solicitud de ping NAT al objetivo, pidi\u00e9ndole que haga ping al nodo DHT reci\u00e9n creado"
}
],
"id": "CVE-2018-25022",
"lastModified": "2024-11-21T04:03:22.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-13T01:15:07.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/issues/873"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/pull/872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/issues/873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/pull/872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-13 01:15
Modified
2024-11-21 06:31
Severity ?
Summary
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toktok | toxcore | * | |
| toktok | toxcore | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toktok:toxcore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F951E6A-92B6-4D08-974C-E469CBEBC5A5",
"versionEndIncluding": "0.1.11",
"versionStartIncluding": "0.1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toktok:toxcore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26425E31-7304-4963-AD7B-99F54D9BBBBF",
"versionEndIncluding": "0.2.12",
"versionStartIncluding": "0.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n handle_request en el archivo DHT.c en toxcore versiones 0.1.9 hasta 0.1.11 y 0.2.0 hasta 0.2.12, (causado por un c\u00e1lculo inapropiado de la longitud durante el manejo de los paquetes de red recibidos) permite a atacantes remotos bloquear el proceso o ejecutar potencialmente c\u00f3digo arbitrario por medio de un paquete de red"
}
],
"id": "CVE-2021-44847",
"lastModified": "2024-11-21T06:31:36.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-13T01:15:07.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1718"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TokTok/c-toxcore/pull/1718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}