CVE-2018-25021

Name: CVE-2018-25021
Description: The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libtoxcore (PTS) | buster | 0.2.9-1 | fixed |
| libtoxcore | bullseye | 0.2.12-1 | fixed |
| libtoxcore | sid, bookworm | 0.2.18-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libtoxcore | source | (unstable) | 0.2.8-1 | | | |

Notes

https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
https://github.com/TokTok/c-toxcore/issues/1214
https://github.com/TokTok/c-toxcore/pull/1216
