NVD Vulnerability Details: CVE-2012-3461
Status: Deferred
Source: secalert@redhat.com
Published At: 20 Aug, 2012 | 19:55
Updated At: 11 Apr, 2025 | 00:51

The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocate a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.

CISA Catalog

| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A | | | |

Metrics

| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
CPE Matches

| Vendor | Product | Versions | CPE |
|---|---|---|---|
| cypherpunks | libotr | Versions up to 3.2.0 (inclusive) | cpe:2.3:a:cypherpunks:libotr:*:*:*:*:*:*:*:* |
| cypherpunks | libotr | 3.1.0 | cpe:2.3:a:cypherpunks:libotr:3.1.0:*:*:*:*:*:*:* |
Weaknesses

| CWE ID | Type | Source |
|---|---|---|
| CWE-119 | Primary | nvd@nist.gov |

References

Each hyperlink is listed by two sources: secalert@redhat.com and af854a3a-2127-422b-91ae-364da2661108. The Resource field is N/A for every entry.

| Hyperlink | Source | Resource |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00016.html | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00019.html | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00019.html | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=1902baee5d4b056850274ed0fa8c2409f1187435 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=b17232f86f8e60d0d22caf9a2400494d3c77da58 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.debian.org/security/2012/dsa-2526 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:131 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:097 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.securityfocus.com/bid/54907 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.ubuntu.com/usn/USN-1541-1 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://bugzilla.redhat.com/show_bug.cgi?id=846377 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77528 | secalert@redhat.com; af854a3a-2127-422b-91ae-364da2661108 | N/A |