News

Patch for serious vulnerability in libotr encryption library is available

By admin
Spread the love

In version 4.1.0 and earlier of the off-the-record encryption protocol OTR, it is possible to execute arbitrary code by sending a very large message. Users with fast connections are especially vulnerable. Version 4.1.1 of the libotr library fixes the vulnerability.

The German company X41 D-Sec says it discovered the vulnerability through a code review. According to the description, it is not easy for an attacker to exploit the vulnerability known as cve-2016-2851. This requires that a message with a size of 5.5GB is sent.

The researchers drew up a proof of concept, in which they sent 275 messages of 20MB each. This eventually led to a heap overflow on 64-bit systems, which allowed arbitrary code to be run. The researchers used a test system with 8GB of ram and 15GB of swap space. With a fast network connection, the attack could be carried out without this being noticeable to the victim.

Libotr is used in chat programs such as Pidgin and Adium, among others, which makes them vulnerable. Libotr is an implementation of the off-the-record encryption protocol, which provides authentication and encryption in online communications. In general, the protocol is considered very safe. It was also announced this week that Tor Messenger is implementing OTR support for Twitter private messages. The update to the patched 4.1.1 version is now available.

You might also like
News

X begins to deploy the audio and video calling function (but only paying users can…

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable

News

Igor’s Lab shares specs LGA1851 socket Arrow Lake: PCIe 5.0 SSDs and more pins

News

Elon Musk: Twitter loses half of ad revenue

Exit mobile version