[3.0] libotr: Integer overflow when receiving messages bigger than 4GB (CVE-2016-2851)
Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer
overflow security flaw. This flaw could potentially be exploited by a
remote attacker to cause a heap buffer overflow and subsequently for
arbitrary code to be executed on the user’s machine.
Upgrade to libotr 4.1.1
References:
https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2851
(from redmine: issue id 5259, created on 2016-03-10, closed on 2016-05-31)
- Relations:
- parent #5255 (closed)