Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2526-1
HistoryAug 12, 2012 - 12:00 a.m.

libotr - buffer overflow

2012-08-1200:00:00
Google
osv.dev
6

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Just Ferguson discovered that libotr, an off-the-record (OTR) messaging
library, can be forced to perform zero-length allocations for heap buffers
that are used in base64 decoding routines. An attacker can exploit this
flaw by sending crafted messages to an application that is using libotr to
perform denial of service attacks or potentially execute arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 3.2.0-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 3.2.1-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.2.1-1.

We recommend that you upgrade your libotr packages.

CPENameOperatorVersion
libotreq3.2.0-2

Related

suse 3
openvas 16
nessus 13
fedora 3
prion 1
freebsd 1
ubuntu 1
ubuntucve 1
cve 1
debiancve 1
securityvulns 2
debian 1
gentoo 1
suse
suse
update for libotr (important)
2013-01-23 14:06:13
Security update for libotr (important)
2012-11-28 00:09:21
update for libotr (important)
2012-11-22 11:14:07
openvas
openvas
Ubuntu Update for libotr USN-1541-1
2012-08-17 00:00:00
Ubuntu: Security Advisory (USN-1541-1)
2012-08-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1578-1)
2021-06-09 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libotr (MDVSA-2013:097)
2013-04-20 00:00:00
SuSE 10 Security Update : libotr (ZYPP Patch Number 8377)
2012-11-28 00:00:00
openSUSE Security Update : libotr (openSUSE-SU-2012:1525-1)
2014-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libotr-3.2.1-1.fc16
2012-08-25 03:01:16
[SECURITY] Fedora 18 Update: libotr-3.2.1-1.fc18
2012-09-17 23:42:44
[SECURITY] Fedora 17 Update: libotr-3.2.1-1.fc17
2012-08-25 02:56:21
prion
prion
Heap overflow
2012-08-20 19:55:00
freebsd
freebsd
libotr -- buffer overflows
2012-07-27 00:00:00
ubuntu
ubuntu
libotr vulnerability
2012-08-16 00:00:00
ubuntucve
ubuntucve
CVE-2012-3461
2012-08-10 00:00:00
cve
cve
CVE-2012-3461
2012-08-20 19:55:00
debiancve
debiancve
CVE-2012-3461
2012-08-20 19:55:00
securityvulns
securityvulns
[USN-1541-1] libotr vulnerability
2012-08-20 00:00:00
libotr multiple buffer overflows
2012-08-20 00:00:00
debian
debian
[SECURITY] [DSA 2526-1] libotr security update
2012-08-12 18:43:04
gentoo
gentoo
libotr: Arbitrary code execution
2013-09-15 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON
Related for OSV:DSA-2526-1
suse3openvas16nessus13fedora3prion1freebsd1ubuntu1ubuntucve1cve1debiancve1securityvulns2debian1gentoo1