CVE-2018-25021 Information

Description

The TCP Server module in toxcore before 0.2.8 doesn’t free the TCP priority queue under certain conditions which allows a remote attacker to exhaust the system’s memory causing a denial of service (DoS).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/ https://github.com/TokTok/c-toxcore/issues/1214 https://github.com/TokTok/c-toxcore/pull/1216

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5