CVE-2021-44847

CRITICAL

Toktok Toxcore < 0.1.11 - Buffer Overflow

Description

A stack-based buffer overflow in the handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.

Scores

CVSS v3 9.8
EPSS 0.0395
EPSS Percentile 88.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-682
Status published
Products (3)
fedoraproject/fedora 34
fedoraproject/fedora 35
toktok/toxcore 0.1.9 - 0.1.11
Published Dec 13, 2021
Tracked Since Feb 18, 2026