

DHT public key, IP and port are all public information, publicly available on the DHT, so an attacker can target any and all Toxcore users by scraping this information from the DHT. An attacker, knowing the target’s DHT public key, IP and port, can easily craft a packet exploiting the vulnerability.

The vulnerability was assigned the identifier CVE-2021-44847.

All users of Toxcore that don’t have UDP disabled are affected.

Rest assured, Tox the protocol doesn’t depend on any central servers in order to work, so even if all of our servers were to go down, you would still be able to use Tox.

A stack-based buffer overflow vulnerability was discovered in Toxcore’s networking code that allows a remote attacker to crash the Toxcore process or potentially execute arbitrary code by sending a specially crafted packet.

In the past we have also hosted a package repository for Debian, Ubuntu, CentOS, Fedora and F-Droid, as well as a Jenkins instance for our CI, on DigitalOcean.

DigitalOcean has renewed our sponsorship for 2022, so we will be using their services in 2022 too. Most of our infrastructure is running on DigitalOcean, including our website, wiki, blog, bootstrap node list, mailing list, some of CI/build system cache, as well as the tox.chat domain - it’s using DigitalOcean as a name server. Just as an example, in 2018 we asked them for a seemingly outrageous $660 in credits as a budget for that year, which they provided us without any questions asked.
We would like to thank the cloud hosting company DigitalOcean for sponsoring the Tox project as part of their program for sponsoring open source projects.

DigitalOcean has been providing us with reliable cloud server infrastructure for free since July 2015 - for over 6 years now! They have been very generous with supporting us and a pleasure to work with.
