vulnerability
Ubuntu: (CVE-2021-44847): libtoxcore vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Dec 13, 2021 | Nov 19, 2024 | May 25, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Dec 13, 2021
Added
Nov 19, 2024
Modified
May 25, 2026
Description
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
Solution
ubuntu-upgrade-libtoxcore
References
- CVE-2021-44847
- https://attackerkb.com/topics/CVE-2021-44847
- CWE-682
- EUVD-EUVD-2021-31650
- https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-31650
- https://github.com/TokTok/c-toxcore/pull/1718
- https://www.cve.org/CVERecord?id=CVE-2021-44847
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.