
CVSS: 10.0 • EPSS: 9% • CPEs: 1 • EXPL: 0

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.

• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html
• http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html
• http://www.debian.org/security/2016/dsa-3528
• http://www.openwall.com/lists/oss-security/2016/03/09/13
• http://www.openwall.com/lists/oss-security/2016/03/09/8
• http://www.securityfocus.com/bid/84295
• https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
• https://bugs.otr.im/issues/128

CVSS: 9.8 • EPSS: 3% • CPEs: 5 • EXPL: 4

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker-controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected.

• https://www.exploit-db.com/exploits/39550
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html
• http://seclists.org/fulldisclosure/2016/Mar/21
• http://www.debian.org/security/2016/dsa-3512
• http://www.securityfocus.com/archive/1/537745/100/0/threaded
• http://www.securityfocus.com/bid/84285
• http://www.ubuntu.com/usn/USN-2926-1
• https://lists.cypherpunks.ca/pipermail/otr-users/2016-Mar
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 • EPSS: 3% • CPEs: 2 • EXPL: 0

The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocate a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
• http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
• http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html
• http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00019.html
• http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh&#
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 5% • CPEs: 2 • EXPL: 0

Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.

• http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00003.html
• http://openwall.com/lists/oss-security/2012/05/16/2
• http://security.gentoo.org/glsa/glsa-201207-05.xml
• http://www.debian.org/security/2012/dsa-2476
• CWE-134: Use of Externally-Controlled Format String