Jump to:

CVE-2016-2851

Jump to:

CVE-2016-2851

Package libotr5 updated to version 4.1.1-alt1 for branch sisyphus in task 161130.

Published: 2016-04-08
Modified: 2024-11-21

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

openSUSE-SU-2016:0708
openSUSE-SU-2016:0708
openSUSE-SU-2016:0732
openSUSE-SU-2016:0732
20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
DSA-3512
DSA-3512
20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
84285
84285
USN-2926-1
USN-2926-1
[OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1
[OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1
GLSA-201701-10
GLSA-201701-10
39550
39550
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Version: 2.1.0

Package libotr5 update in sisyphus on 2016-03-10

ALT-PU-2016-1202-1

Closed vulnerabilities

CVE-2016-2851