CVE-2012-3461
Published: 2012-08-20
Priority: P4 · 23 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 3.44% (87.5th percentile)
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cypherpunks | libotr | <= 3.2.0 | — |
| cypherpunks | libotr | — | — |
| cypherpunks | libotr | >= 0 < 3.2.1-1 | 3.2.1-1 |
| cypherpunks | libotr | >= 0 < 3.2.1-1 | 3.2.1-1 |
| cypherpunks | libotr | >= 0 < 3.2.1-1 | 3.2.1-1 |
| cypherpunks | libotr | >= 0 < 3.2.1-1 | 3.2.1-1 |
| debian | libotr | < libotr 3.2.1-1 (bookworm) | libotr 3.2.1-1 (bookworm) |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 4.3 MEDIUM
vendor_debian · 4.3 MEDIUM
Ubuntu
libotr vulnerability
vendor_ubuntu·2012-08-16
CVE-2012-3461 libotr vulnerability
Title: libotr vulnerability
Summary: Applications using Off-the-Record messaging plugins could be made
to crash or run programs if they received specially crafted network
messages.
Justin Ferguson discovered multiple heap overflows in libotr. A remote
attacker could use this to craft a malformed OTR message that could
cause a denial of service via application crash or possibly execute
arbitrary code.
Instructions: After a standard system update you need to restart any instant
messaging applications using an Off-the-Record messaging plugin to
make all the necessary changes.
Debian
CVE-2012-3461: libotr - The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_f...
vendor_debian·2012·CVSS 4.3
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-1)
forky: resolved (fixed in 3.2.1-1)
sid: resolved (fixed in 3.2.1-1)
trixie: resolved (fixed in 3.2.1-1)
GHSA
GHSA-gwfv-2hfv-wqmr: The (1) otrl_base64_otr_decode function in src/b64
ghsa_unreviewed·2022-05-17
CVE-2012-3461 [MEDIUM] CWE-119 GHSA-gwfv-2hfv-wqmr: The (1) otrl_base64_otr_decode function in src/b64
OSV
CVE-2012-3461: The (1) otrl_base64_otr_decode function in src/b64
osv·2012-08-20·CVSS 4.3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-3461 libotr: Multiple heap-based buffer overflows in the Base64 decoder [epel-all]
bugzilla·2012-08-07·CVSS 4.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new
Bugzilla
CVE-2012-3461 libotr: Multiple heap-based buffer overflows in the Base64 decoder [fedora-all]
bugzilla·2012-08-07·CVSS 4.3
Bugzilla
CVE-2012-3461 libotr: Multiple heap-based buffer overflows in the Base64 decoder
bugzilla·2012-08-07·CVSS 4.3
Multiple heap-based buffer overflow flaws were found in the way the Base64 decoder of libotr, an Off-The-Record Messaging library and toolkit, performed decoding of certain messages. A remote attacker could provide a specially crafted OTR message that, once processed in an application linked against libotr, would lead to that application crashing or, potentially, arbitrary code execution with the privileges of the user running the application.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
[2] http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
Relevant upstream patches:
[3] http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=b17232f86f8e60d0d22caf9a
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00019.html
http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=1902baee5d4b056850274ed0fa8c2409f1187435
http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1
http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=b17232f86f8e60d0d22caf9a2400494d3c77da58
http://www.debian.org/security/2012/dsa-2526
http://www.mandriva.com/security/advisories?name=MDVSA-2012:131
http://www.mandriva.com/security/advisories?name=MDVSA-2013:097
http://www.securityfocus.com/bid/54907
http://www.ubuntu.com/usn/USN-1541-1
https://bugzilla.redhat.com/show_bug.cgi?id=846377
https://exchange.xforce.ibmcloud.com/vulnerabilities/77528
Published: 2012-08-20