CVE-2021-44847

Name of the Vulnerable Software and Affected Versions: toxcore versions 0.1.9 through 0.1.11 toxcore versions 0.2.0 through 0.2.12

Description: A stack-based buffer overflow in the handle request function in DHT.c allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. This issue is caused by an improper length calculation during the handling of received network packets. The vulnerability can be exploited by sending a specially crafted UDP packet, and all users of applications based on toxcore with UDP transport enabled are potentially affected.

Recommendations: For toxcore versions 0.1.9 through 0.1.11, update to a version outside of this range to resolve the issue. For toxcore versions 0.2.0 through 0.2.12, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the UDP transport to minimize the risk of exploitation.