Critical severity9.8NVD Advisory· Published Dec 13, 2021· Updated Jun 17, 2026
CVE-2021-44847
CVE-2021-44847
Description
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- toxcore/toxcoredescription
- osv-coords6 versionspkg:rpm/opensuse/c-toxcore&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/c-toxcore&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/qtox&distro=openSUSE%20Tumbleweedpkg:rpm/suse/c-toxcore&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/c-toxcore&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/c-toxcore&distro=SUSE%20Package%20Hub%2015%20SP3
< 0.2.13-bp153.2.3.1+ 5 more
- (no CPE)range: < 0.2.13-bp153.2.3.1
- (no CPE)range: < 0.2.13-bp153.2.3.1
- (no CPE)range: < 1.17.4-1.1
- (no CPE)range: < 0.2.13-bp153.2.3.1
- (no CPE)range: < 0.2.13-bp153.2.3.1
- (no CPE)range: < 0.2.13-bp153.2.3.1
Patches
Vulnerability mechanics
References
3- github.com/TokTok/c-toxcore/pull/1718nvdExploitIssue TrackingPatchThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLTKINSPO5T65LB3ZASDPCREKUE22RYE/nvd
News mentions
0No linked articles in our index yet.