CVE-2018-25021

NameCVE-2018-25021
DescriptionThe TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libtoxcore (PTS)bullseye0.2.12-1fixed
bookworm0.2.18-1fixed
forky, sid, trixie0.2.20-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libtoxcoresource(unstable)0.2.8-1

Notes

https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
https://github.com/TokTok/c-toxcore/issues/1214
https://github.com/TokTok/c-toxcore/pull/1216
Search for package or bug name: Reporting problems