The TCP Server module in toxcore before 0.2.8 doesnt free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the systems memory, causing a denial of service (DoS).
The product does not release or incorrectly releases a resource before it is made available for re-use.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Toxcore | Toktok | * | 0.2.8 (excluding) |
Libtoxcore | Ubuntu | trusty | * |
Libtoxcore | Ubuntu | upstream | * |
Libtoxcore | Ubuntu | xenial | * |