Home

CVE-2016-2851

Description

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
23.058

Associated Vulnerability

VulnerabilityOS Platform
Off-the-Record Messaging library (USN-2926-1) libotr2_3.2.0-4ubuntu0.3_i386.debLinux
Off-the-Record Messaging library (USN-2926-1) libotr2_3.2.0-4ubuntu0.3_amd64.debLinux
SUSE-SU-2016:0706-1(SUSE Linux Enterprise Desktop 11-SP4 ) libotr2-3.2.0-10.5.1.x86_64.rpmLinux
SUSE-SU-2016:0707-1(SUSE Linux Enterprise Desktop 12-SP1 ) libotr-debugsource-4.0.0-9.1.x86_64.rpmLinux
SUSE-SU-2016:0707-1(SUSE Linux Enterprise Desktop 12-SP1 ) libotr5-4.0.0-9.1.x86_64.rpmLinux
SUSE-SU-2016:0707-1(SUSE Linux Enterprise Desktop 12-SP1 ) libotr5-debuginfo-4.0.0-9.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234