The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html http://www.vuxml.org/freebsd/c651c898-e90d-11e1-b230-0024e830109b.html

The following package is affected: libotr CVE-2012-3461 The (1) otrl_base64_otr_decode function in src/b64.c (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value '?OTR:===.', which triggers a heap-based buffer overflow.