Download
| Alert*
|
oval:org.secpod.oval:def:602409
Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record messaging library, in the way how the sizes of portions of incoming messages were stored. A remote attacker can exploit this flaw by sending crafted messages to an application that is using li ... oval:org.secpod.oval:def:703019 libotr: Off-the-Record Messaging library OTR could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:701554 libotr: Off-the-Record Messaging library Applications using the OTR secure chat protocol could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702008 libotr2 is installed oval:org.secpod.oval:def:600865 Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform den ... oval:org.secpod.oval:def:700970 libotr: Off-the-Record Messaging library Applications using Off-the-Record messaging plugins could be made to crash or run programs if it received specially crafted network messages. |
