Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
c-toxcore 信息泄露漏洞
Vulnerability Description
c-toxcore是一种点对点(无服务器)即时通讯工具,旨在让普通用户更容易获得安全和隐私。 TokTok c-toxcore 存在信息泄露漏洞,该漏洞源于 0.2.2 版本之前的 toxcore 中的 Onion 模块不限制哪些数据包可以被洋葱路由,这允许远程攻击者通过将自己定位在靠近目标的 Tox Id 的位置来发现目标用户的 IP 地址(当只知道他们的 Tox Id 时) 目标与攻击者建立洋葱连接的DHT,猜测目标的DHT公钥并创建一个公钥接近的DHT节点,最后洋葱路由NAT Ping请求到目标,请
CVSS Information
N/A
Vulnerability Type
N/A