Description
Security update for c-toxcore
c-toxcore was updated to fix a security issue:
- CVE-2021-44847: Fixed a buffer overflow in handle_request in DHT.c which could lead to remote DoS and potential code execution (boo#1193667)
Package list
SUSE Package Hub 15 SP1
c-toxcore-0.2.13-bp153.2.3.1
c-toxcore-daemon-0.2.13-bp153.2.3.1
c-toxcore-devel-0.2.13-bp153.2.3.1
libtoxcore2-0.2.13-bp153.2.3.1
SUSE Package Hub 15 SP2
c-toxcore-0.2.13-bp153.2.3.1
c-toxcore-daemon-0.2.13-bp153.2.3.1
c-toxcore-devel-0.2.13-bp153.2.3.1
libtoxcore2-0.2.13-bp153.2.3.1
SUSE Package Hub 15 SP3
c-toxcore-0.2.13-bp153.2.3.1
c-toxcore-daemon-0.2.13-bp153.2.3.1
c-toxcore-devel-0.2.13-bp153.2.3.1
libtoxcore2-0.2.13-bp153.2.3.1
openSUSE Leap 15.2
c-toxcore-0.2.13-bp153.2.3.1
c-toxcore-daemon-0.2.13-bp153.2.3.1
c-toxcore-devel-0.2.13-bp153.2.3.1
libtoxcore2-0.2.13-bp153.2.3.1
openSUSE Leap 15.3
c-toxcore-0.2.13-bp153.2.3.1
c-toxcore-daemon-0.2.13-bp153.2.3.1
c-toxcore-devel-0.2.13-bp153.2.3.1
libtoxcore2-0.2.13-bp153.2.3.1
References
- E-Mail link for openSUSE-SU-2021:1640-1
- SUSE Security Ratings
- SUSE Bug 1193667
- SUSE CVE CVE-2021-44847 page
Description
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
Affected products
SUSE Package Hub 15 SP1:c-toxcore-0.2.13-bp153.2.3.1
SUSE Package Hub 15 SP1:c-toxcore-daemon-0.2.13-bp153.2.3.1
SUSE Package Hub 15 SP1:c-toxcore-devel-0.2.13-bp153.2.3.1
SUSE Package Hub 15 SP1:libtoxcore2-0.2.13-bp153.2.3.1
References
- CVE-2021-44847
- SUSE Bug 1193667