CVE-2012-3461Improper Restriction of Operations within the Bounds of a Memory Buffer in Libotr

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
3.2%
top 13.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cypherpunks LibotrDebian Libotr
Timeline
PublishedAug 20
Latest updateMay 17

Description

The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/libotr< libotr 3.2.1-1 (bookworm)
Debiancypherpunks/libotr< 3.2.1-1+3
NVDcypherpunks/libotr3.2.0+1

🔴Vulnerability Details

2
GHSA
GHSA-gwfv-2hfv-wqmr: The (1) otrl_base64_otr_decode function in src/b642022-05-17
OSV
CVE-2012-3461: The (1) otrl_base64_otr_decode function in src/b642012-08-20

📋Vendor Advisories

2
Ubuntu
libotr vulnerability2012-08-16
Debian
CVE-2012-3461: libotr - The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_f...2012

💬Community

3
Bugzilla
CVE-2012-3461 libotr: Multiple heap-based buffer overflows in the Base64 decoder [epel-all]2012-08-07
Bugzilla
CVE-2012-3461 libotr: Multiple heap-based buffer overflows in the Base64 decoder [fedora-all]2012-08-07
Bugzilla
CVE-2012-3461 libotr: Multiple heap-based buffer overflows in the Base64 decoder2012-08-07
CVE-2012-3461 — Debian Libotr vulnerability | cvebase