FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-2851

This CVE name corresponds to:

Entered Topic
2016-03-09 libotr -- integer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2016-2851 at cve.mitre.org

Details

Type Candidate
Name CVE-2016-2851
Phase Assigned(20160306)

Description

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

References

Source Reference
BUGTRAQ 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
FULLDISC 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
MLIST [OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1
MISC https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
DEBIAN DSA-3512
SUSE openSUSE-SU-2016:0708

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.