CVE-2018-25022

NameCVE-2018-25022
DescriptionThe Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libtoxcore (PTS)bullseye0.2.12-1fixed
bookworm0.2.18-1fixed
sid, trixie0.2.19-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libtoxcoresource(unstable)0.2.2-1

Notes

https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release
https://github.com/TokTok/c-toxcore/issues/873
https://github.com/TokTok/c-toxcore/pull/872
Search for package or bug name: Reporting problems