Launchpad.net

CVE 2012-3461

The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2012-3461 (Candidate) is related to these bugs:

Bug #1034623: Multiple heap-based buffer overflows

		In	Importance	Status
1034623	Multiple heap-based buffer overflows	libotr (Ubuntu)	Undecided	Fix Released
1034623	Multiple heap-based buffer overflows	libotr (Debian)	Unknown	Fix Released
1034623	Multiple heap-based buffer overflows	libotr (Ubuntu Lucid)	Undecided	Fix Released
1034623	Multiple heap-based buffer overflows	libotr (Ubuntu Natty)	Undecided	Fix Released
1034623	Multiple heap-based buffer overflows	libotr (Ubuntu Oneiric)	Undecided	Fix Released
1034623	Multiple heap-based buffer overflows	libotr (Ubuntu Precise)	Undecided	Fix Released
1034623	Multiple heap-based buffer overflows	libotr (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3461

Related bugs and status

Related bugs

References