CVE-2018-25021
Published 2021-12-13
Priority P339 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.27% (80.8th percentile)
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtoxcore | < libtoxcore 0.2.8-1 (bookworm) | libtoxcore 0.2.8-1 (bookworm) |
| toktok | toxcore | < 0.2.8 | 0.2.8 |
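CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |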
Debian
CVE-2018-25021: libtoxcore - The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queu...
vendor_debian · 2018 · CVSS 7.5
Scope: local
bookworm: resolved (fixed in 0.2.8-1)
bullseye: resolved (fixed in 0.2.8-1)
forky: resolved (fixed in 0.2.8-1)
sid: resolved (fixed in 0.2.8-1)
trixie: resolved (fixed in 0.2.8-1)
GHSA
GHSA-p3p2-9rqf-r8j8: The TCP Server module in toxcore before 0
ghsa_unreviewed · 2021-12-14
CVE-2018-25021 [HIGH] CWE-404 GHSA-p3p2-9rqf-r8j8: The TCP Server module in toxcore before 0
OSV
CVE-2018-25021: The TCP Server module in toxcore before 0
osv · 2021-12-13 · CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
https://github.com/TokTok/c-toxcore/issues/1214
https://github.com/TokTok/c-toxcore/pull/1216