Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2012-3461
HistoryAug 10, 2012 - 12:00 a.m.

CVE-2012-3461

2012-08-1000:00:00
ubuntu.com
ubuntu.com
9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

91.6%

JSON

The (1) otrl_base64_otr_decode function in src/b64.c; (2)
otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in
src/proto.c; and (4) decode function in toolkit/parse.c in libotr before
3.2.1 allocates a zero-length buffer when decoding a base64 string, which
allows remote attackers to cause a denial of service (application crash)
via a message with the value “?OTR:===.”, which triggers a heap-based
buffer overflow.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlibotr< 3.2.0-2ubuntu0.1UNKNOWN
ubuntu11.04noarchlibotr< 3.2.0-2ubuntu1.1UNKNOWN
ubuntu11.10noarchlibotr< 3.2.0-2.1ubuntu0.1UNKNOWN
ubuntu12.04noarchlibotr< 3.2.0-4ubuntu0.1UNKNOWN

Related

suse 3
openvas 16
nessus 13
fedora 3
prion 1
freebsd 1
osv 1
ubuntu 1
cve 1
debiancve 1
securityvulns 2
gentoo 1
debian 1
suse
suse
update for libotr (important)
2013-01-23 14:06:13
Security update for libotr (important)
2012-11-28 00:09:21
update for libotr (important)
2012-11-22 11:14:07
openvas
openvas
Ubuntu Update for libotr USN-1541-1
2012-08-17 00:00:00
Ubuntu: Security Advisory (USN-1541-1)
2012-08-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1578-1)
2021-06-09 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libotr (MDVSA-2013:097)
2013-04-20 00:00:00
SuSE 10 Security Update : libotr (ZYPP Patch Number 8377)
2012-11-28 00:00:00
openSUSE Security Update : libotr (openSUSE-SU-2012:1525-1)
2014-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libotr-3.2.1-1.fc16
2012-08-25 03:01:16
[SECURITY] Fedora 18 Update: libotr-3.2.1-1.fc18
2012-09-17 23:42:44
[SECURITY] Fedora 17 Update: libotr-3.2.1-1.fc17
2012-08-25 02:56:21
prion
prion
Heap overflow
2012-08-20 19:55:00
freebsd
freebsd
libotr -- buffer overflows
2012-07-27 00:00:00
osv
osv
libotr - buffer overflow
2012-08-12 00:00:00
ubuntu
ubuntu
libotr vulnerability
2012-08-16 00:00:00
cve
cve
CVE-2012-3461
2012-08-20 19:55:00
debiancve
debiancve
CVE-2012-3461
2012-08-20 19:55:00
securityvulns
securityvulns
libotr multiple buffer overflows
2012-08-20 00:00:00
[USN-1541-1] libotr vulnerability
2012-08-20 00:00:00
gentoo
gentoo
libotr: Arbitrary code execution
2013-09-15 00:00:00
debian
debian
[SECURITY] [DSA 2526-1] libotr security update
2012-08-12 18:43:04

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

91.6%

JSON
Related for UB:CVE-2012-3461
suse3openvas16nessus13fedora3prion1freebsd1osv1ubuntu1cve1debiancve1securityvulns2gentoo1debian1