CVE-2018-25021: Improper Resource Shutdown or Release in Toxcore

Severity: 7.5 HIGH (NVD)
EPSS: 1.0% (top 23.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Dec 13
Latest update: Dec 14

Description

The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: toktok/toxcore < 0.2.8
debian: debian/libtoxcore < libtoxcore 0.2.8-1 (bookworm)

🔴 Vulnerability Details (2)

GHSA: GHSA-p3p2-9rqf-r8j8: The TCP Server module in toxcore before 0 (2021-12-14)
OSV: CVE-2018-25021: The TCP Server module in toxcore before 0 (2021-12-13)

📋 Vendor Advisories (1)

Debian: CVE-2018-25021: libtoxcore - The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queu... (2018)
CVE-2018-25021 — Improper Resource Shutdown or Release | cvebase