Buffer overflow in Toxcore exploitable by sending a UDP packet

Toxcore, the reference implementation of the Tox P2P messaging protocol, has a vulnerability (CVE-2021-44847) that could lead to code execution when processing a specially crafted UDP packet. All users of Toxcore-based applications that do not have UDP transport disabled are affected. To carry out the attack, it is enough to send a UDP packet knowing the IP address, network port and public DHT key of the victim (this information is publicly available in the DHT, i.e. the attack can be carried out against any user or DHT node).

The issue is present in toxcore releases 0.1.9 through 0.2.12 and is fixed in version 0.2.13. Among client applications, only the qTox project has released an update that eliminates the vulnerability. As a security workaround, you can disable UDP while keeping TCP support.

The vulnerability is caused by a buffer overflow in the handle_request() function, which occurs because of an incorrect calculation of the data size in a network packet. Specifically, the length of the encrypted data was determined using the macro CRYPTO_SIZE, defined as "1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE", which was later used in the subtraction "length - CRYPTO_SIZE". Because the macro lacked parentheses, instead of subtracting the sum of all the values, the code subtracted 1 and added the remaining parts. For example, instead of "length - (1 + 32 * 2 + 24)", the buffer size was computed as "length - 1 + 32 * 2 + 24", which led to data on the stack being overwritten beyond the buffer boundary.
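The precedence error described above, shown next to the parenthesized form, as an added example that is not toxcore's own code. The `_BROKEN`/`_FIXED` macro suffixes, the helper functions and the 1024-byte destination capacity are assumptions made for illustration; the sizes 32 and 24 are the ones quoted in the text.

```c
#include <stddef.h>
#include <stdio.h>

#define CRYPTO_PUBLIC_KEY_SIZE 32
#define CRYPTO_NONCE_SIZE 24

/* As described in the text: the expansion is not wrapped in parentheses. */
#define CRYPTO_SIZE_BROKEN 1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE
/* Parenthesized: the whole sum acts as a single operand. */
#define CRYPTO_SIZE_FIXED (1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE)

#define DEST_CAP 1024 /* hypothetical size of the plaintext buffer */

/* Expands to length - 1 + 32 * 2 + 24, i.e. length + 87. */
size_t payload_len_broken(size_t length) { return length - CRYPTO_SIZE_BROKEN; }

/* Expands to length - (1 + 32 * 2 + 24), i.e. length - 89. */
size_t payload_len_fixed(size_t length) { return length - CRYPTO_SIZE_FIXED; }

/* How many bytes the broken expression overstates the payload by. */
size_t overstatement(size_t length) {
    return payload_len_broken(length) - payload_len_fixed(length);
}

/* Hypothetical defensive check: reject packets too short to hold the
 * header (the subtraction would wrap around) or whose payload exceeds
 * the destination buffer. Returns the payload length, or -1. */
long checked_payload_len(size_t length, size_t dest_cap) {
    if (length <= CRYPTO_SIZE_FIXED)
        return -1;
    size_t n = length - CRYPTO_SIZE_FIXED;
    return n > dest_cap ? -1 : (long)n;
}

int main(void) {
    size_t samples[] = {50, 100, 2000}; /* constructed packet lengths */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = samples[i];
        printf("length=%zu broken=%zu checked=%ld\n", len,
               payload_len_broken(len), checked_payload_len(len, DEST_CAP));
    }
    printf("overstatement=%zu bytes\n", overstatement(100));
    return 0;
}
```

Compiling with `gcc -E` shows the two expansions side by side, which is a quick way to audit other size macros for the same missing parentheses.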

source: budenet.ru
