返回 CVE 瀏覽器

CVE-2016-2851

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0410%

EPSS Percentile27.70th

Published2016年4月7日

Last Modified2026年5月6日

Vulnerability Description

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

Affected Platforms (CPE)

💻

Debian

Debian Linux

= 7.0

💻

Debian

Debian Linux

= 8.0

💻

Opensuse

Leap

= 42.1

💻

Opensuse

Opensuse

= 13.2

📦

Cypherpunks

Libotr

<= 4.1.0

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html

🔗 http://seclists.org/fulldisclosure/2016/Mar/21

🔗 http://www.debian.org/security/2016/dsa-3512

🔗 http://www.securityfocus.com/archive/1/537745/100/0/threaded

🔗 http://www.securityfocus.com/bid/84285

🔗 http://www.ubuntu.com/usn/USN-2926-1

🔗 https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html

相關漏洞威脅

CVE-1999-069810.0

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

CVE-2026-234628.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following t...

CVE-2006-70948.5

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bi...

CVE-2026-231717.8

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave a...