CVE-2018-25021
HIGHtoxcore < 0.2.8 - Denial of Service via TCP Priority Queue Memory Leak
Title source: llmDescription
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TokTok/c-toxcore/issues/1214
Third Party Advisory x_refsource_misc
https://github.com/TokTok/c-toxcore/pull/1216
Third Party Advisory x_refsource_misc
https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
Scores
CVSS v3
7.5
EPSS
0.0227
EPSS Percentile
80.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-404
Status
published
Products (1)
toktok/toxcore
< 0.2.8
Published
Dec 13, 2021
Tracked Since
Feb 18, 2026