2 matches found
Debian Security Advisory DSA 2526-1 (libotr)
The remote host is missing an update to libotr announced via advisory DSA 2526-1. OpenVAS Vulnerability Test $Id: deb25261.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2526-1 libotr Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian DSA-2526-1 : libotr - heap-based buffer overflows
Just Ferguson discovered that libotr, an off-the-record OTR messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perfo...