NVD

Id
18835  
Name
CVE-2016-2851  
Description
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-04-07  
Modified Date
2016-12-02  
Seq
2016-2851  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
104636 18835 CVE-2016-2851 openSUSE-SU-2016:0708  View
104637 18835 CVE-2016-2851 openSUSE-SU-2016:0732  View
104638 18835 CVE-2016-2851 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"  View
104639 18835 CVE-2016-2851 DSA-3512  View
104640 18835 CVE-2016-2851 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"  View
104641 18835 CVE-2016-2851 84285  View
104642 18835 CVE-2016-2851 USN-2926-1  View
104643 18835 CVE-2016-2851 [OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1  View
104644 18835 CVE-2016-2851 https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1217 JVNDB-2016-001990 64-bit プラットフォーム上で稼動する libotr の proto.c における整数オーバーフローの脆弱性 64-bit プラットフォーム上で稼動する libotr の proto.c には、整数オーバーフローの脆弱性が存在します。 CVE-2016-2851 89357 CVE-2016-2851 18835 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001990.html 2016-03-09 2016-04-12 View