TokTok Toxcore 0.0.2

CPE Details

TokTok Toxcore 0.0.2
toktok
toxcore
0.0.2
2022-02-08
17h52 +00:00
2022-02-08
17h54 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:toktok:toxcore:0.0.2:*:*:*:*:*:*:*

Informations

Vendor

toktok

Product

toxcore

Version

0.0.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-25021 2021-12-12 23h53 +00:00 The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
7.5
High
CVE-2018-25022 2021-12-12 23h53 +00:00 The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.
3.1
Low
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.