FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Memory leak bug in Toxcore

Affected packages
toxcore < 0.2.8,1


VuXML ID 4c11b51e-cd8d-11e8-b0cb-a0f3c100ae18
Discovery 2018-09-29
Entry 2018-10-11

The Tox project blog reports:

A memory leak bug was discovered in Toxcore that can be triggered remotely to exhaust one’s system memory, resulting in a denial of service attack. The bug is present in the TCP Server module of Toxcore and therefore it affects mostly bootstrap nodes. Regular Tox clients generally have the TCP Server functionality disabled by default, leaving them unaffected.