[Bootstrap] Toxcore vulnerability discovered (CVE-2021-44847), update nodes to Toxcore 0.2.13
nurupo
nurupo at tox.chat
Mon Dec 13 22:04:16 UTC 2021
Hi,
A vulnerability was discovered in Toxcore 0.2.12 and earlier that allows
anyone to easily crash bootstrap nodes and may allow arbitrary code
execution. The vulnerability was assigned CVE-2021-44847 identifier.
You can read more about it in the blog post
https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
The vulnerability was patched in the recently released Toxcore 0.2.13.
Please update your bootstrap nodes to use Toxcore 0.2.13.
--
Regards,
nurupo
More information about the Bootstrap
mailing list