Vulnerability Description
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toktok | Toxcore | >= 0.1.9, <= 0.1.11 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://github.com/TokTok/c-toxcore/pull/1718ExploitIssue TrackingPatch
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/TokTok/c-toxcore/pull/1718ExploitIssue TrackingPatch
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2021-44847?
CVE-2021-44847 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received net...
How severe is CVE-2021-44847?
CVE-2021-44847 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-44847?
Check the references section above for vendor advisories and patch information. Affected products include: Toktok Toxcore, Fedoraproject Fedora.