CVE-2012-3461

Priority
Low
Description
The (1) otrl_base64_otr_decode function in src/b64.c; (2)
otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in
src/proto.c; and (4) decode function in toolkit/parse.c in libotr before
3.2.1 allocates a zero-length buffer when decoding a base64 string, which
allows remote attackers to cause a denial of service (application crash)
via a message with the value "?OTR:===.", which triggers a heap-based
buffer overflow.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
http://www.ubuntu.com/usn/usn-1541-1
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
Package
Source: libotr (LP Ubuntu Debian)
Upstream:released (3.2.1-1)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.2.0-2ubuntu0.1)
Ubuntu 11.04 (Natty Narwhal):released (3.2.0-2ubuntu1.1)
Ubuntu 11.10 (Oneiric Ocelot):released (3.2.0-2.1ubuntu0.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-4ubuntu0.1)
Ubuntu 12.10 (Quantal Quetzal):released (3.2.1-1)
Patches:
Upstream:http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=b17232f86f8e60d0d22caf9a2400494d3c77da58
Upstream:http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1
Upstream:http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=1902baee5d4b056850274ed0fa8c2409f1187435
More Information

Valid XHTML 1.0 Strict

Updated: 2012-08-22 22:14:32 UTC (commit 5659)