CVE-2016-2851

libotr 4.1.0 - Memory Corruption

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

Desbordamiento de entero en proto.c en libotr en versiones anteriores a 4.1.1 en plataformas de 64-bit permite a atacantes remotos causar denegación de servicio (corrupción de memoria y caída de aplicación) o ejecutar código arbitrario a través de una serie de mensajes OTR grandes, lo que desencadena un desbordamiento de buffer basado en memoria dinámica.

A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-03-06 CVE Reserved
2016-03-11 CVE Published
2023-09-18 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (11)

URL	Tag	Source
http://www.securityfocus.com/archive/1/537745/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/84285	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/39550	2024-08-05
http://seclists.org/fulldisclosure/2016/Mar/21	2024-08-05
https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html	2024-08-05
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr	2024-08-05

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html	2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html	2018-10-30
http://www.debian.org/security/2016/dsa-3512	2018-10-30
http://www.ubuntu.com/usn/USN-2926-1	2018-10-30
https://security.gentoo.org/glsa/201701-10	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.1 Search vendor "Opensuse" for product "Leap" and version "42.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2"		-		Affected
Cypherpunks Search vendor "Cypherpunks"		Libotr Search vendor "Cypherpunks" for product "Libotr"				<= 4.1.0 Search vendor "Cypherpunks" for product "Libotr" and version " <= 4.1.0"		-		Affected