CVE-2021-44847

CRITICAL

toxcore 0.1.9-0.1.11 and 0.2.0-0.2.12 - Stack-Based Buffer Overflow in DHT Packet Handling

Title source: llm

Description

A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.

References (3)

Core 3

Core References

Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/TokTok/c-toxcore/pull/1718

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/

Scores

CVSS v3 9.8

EPSS 0.0395

EPSS Percentile 89.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-682

Status published

Products (3)

fedoraproject/fedora 34

fedoraproject/fedora 35

toktok/toxcore 0.1.9 - 0.1.11

Published Dec 13, 2021

Tracked Since Feb 18, 2026