PT-2021-8849 · Toxcore+1 · Toxcore+1

Kpp

Published

2021-12-13

Updated

2025-03-01

CVE-2018-25021

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions toxcore versions prior to 0.2.8

Description The TCP Server module in toxcore does not free the TCP priority queue under certain conditions, allowing a remote attacker to exhaust the system's memory and cause a denial of service (DoS).

Recommendations For versions prior to 0.2.8, update to version 0.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the TCP Server module to minimize the risk of exploitation.

Exploit

Fix

DoS

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALT-PU-2025-3455

CVE-2018-25021

Affected Products

Alt Linux

Toxcore

PT-2021-8849 · Toxcore+1 · Toxcore+1

CVE-2018-25021

Weakness Enumeration

Related Identifiers

Affected Products

References · 12