CVE-2021-44847

A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:toktok:toxcore:*:*:*:*:*:*:*:*
cpe:2.3:a:toktok:toxcore:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
References () https://github.com/TokTok/c-toxcore/pull/1718 - Exploit, Issue Tracking, Patch, Third Party Advisory () https://github.com/TokTok/c-toxcore/pull/1718 - Exploit, Issue Tracking, Patch, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/ -

07 Nov 2023, 03:39

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/', 'name': 'FEDORA-2021-8026e9b394', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/', 'name': 'FEDORA-2021-8b746a32c5', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/ -

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-787 CWE-682

Information

Published : 2021-12-13 01:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-44847

Mitre link : CVE-2021-44847

CVE.ORG link : CVE-2021-44847


JSON object : View

Products Affected

toktok

  • toxcore

fedoraproject

  • fedora
CWE
CWE-682

Incorrect Calculation