Lucene search

K
ubuntuUbuntuUSN-2926-1
HistoryMar 10, 2016 - 12:00 a.m.

OTR vulnerability

2016-03-1000:00:00
ubuntu.com
35

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.036

Percentile

91.7%

Releases

  • Ubuntu 12.04

Packages

  • libotr - Off-the-Record Messaging library

Details

Markus Vervier discovered that OTR incorrectly handled large incoming
messages. A remote attacker could use this issue to cause OTR to crash,
resulting in a denial of service, or possibly execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchlibotr2< 3.2.0-4ubuntu0.3UNKNOWN
Ubuntu12.04noarchlibotr2-bin< 3.2.0-4ubuntu0.3UNKNOWN
Ubuntu12.04noarchlibotr2-bin-dbgsym< 3.2.0-4ubuntu0.3UNKNOWN
Ubuntu12.04noarchlibotr2-dbgsym< 3.2.0-4ubuntu0.3UNKNOWN
Ubuntu12.04noarchlibotr2-dev< 3.2.0-4ubuntu0.3UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.036

Percentile

91.7%