Toktok: >> Toxcore >> 0.2.7 Security Vulnerabilities
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
CVSS Score
7.5
EPSS Score
0.01
Published
2021-12-13
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
CVSS Score
9.8
EPSS Score
0.022
Published
2021-12-13