CVE-2012-3461

The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libotr	12.04 LTS precise	Fixed 3.2.0-4ubuntu0.1
	11.10 oneiric	Fixed 3.2.0-2.1ubuntu0.1
	11.04 natty	Fixed 3.2.0-2ubuntu1.1
	10.04 LTS lucid	Fixed 3.2.0-2ubuntu0.1
	8.04 LTS hardy	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libotr	Upstream: http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=b17232f86f8e60d0d22caf9a2400494d3c77da58 Upstream: http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 Upstream: http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=1902baee5d4b056850274ed0fa8c2409f1187435

References

Related Ubuntu Security Notices (USN)

USN-1541-1
libotr vulnerability
16 August 2012

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references