FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3461

This CVE name corresponds to:

Entered Topic
2012-08-18 libotr -- buffer overflows

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-3461 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-3461
Phase Assigned(20120614)

Description

The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.

References

Source Reference
MLIST [OTR-dev] 20120727 Re: otrl_base64_otr_decode() function...
MLIST [OTR-dev] 20120727 otrl_base64_otr_decode() function...
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
MISC https://bugzilla.redhat.com/show_bug.cgi?id=846377
CONFIRM http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=1902baee5d4b056850274ed0fa8c2409f1187435
CONFIRM http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1
CONFIRM http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=b17232f86f8e60d0d22caf9a2400494d3c77da58
DEBIAN DSA-2526
MANDRIVA MDVSA-2012:131
MANDRIVA MDVSA-2013:097
SUSE SUSE-SU-2012:1578
SUSE openSUSE-SU-2012:1525
SUSE openSUSE-SU-2013:0155
UBUNTU USN-1541-1
BID 54907
XF libotr-base64-bo(77528)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.