From nurupo at tox.chat Mon Dec 13 22:04:16 2021
From: nurupo at tox.chat (nurupo)
Date: Mon, 13 Dec 2021 17:04:16 -0500
Subject: [Bootstrap] Toxcore vulnerability discovered (CVE-2021-44847), update nodes to Toxcore 0.2.13
Message-ID: <5c6b9645bbb79927648dab370360731f@tox.chat>

Hi,

A vulnerability was discovered in Toxcore 0.2.12 and earlier that allows anyone to easily crash bootstrap nodes and may allow arbitrary code execution. The vulnerability was assigned the CVE-2021-44847 identifier. You can read more about it in the blog post
https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/

The vulnerability was patched in the recently released Toxcore 0.2.13. Please update your bootstrap nodes to use Toxcore 0.2.13.

--
Regards,
nurupo