[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1428Date: (C)2013-04-22   (M)2023-12-22


Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-53087
SECUNIA-53108
BID-59369
OSVDB-92653
DSA-2663
FEDORA-2013-7085
FEDORA-2013-7120
FEDORA-2013-7128
http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html
http://freecode.com/projects/tinc/releases/354122
http://www.tinc-vpn.org/news/
https://github.com/gsliepen/tinc/commit/17a33dfd95b1a29e90db76414eb9622df9632320

CPE    7
cpe:/a:tinc-vpn:tinc:1.1:pre3
cpe:/a:tinc-vpn:tinc:1.1:pre5
cpe:/a:tinc-vpn:tinc:1.0.18
cpe:/a:tinc-vpn:tinc:1.1:pre4
...
CWE    1
CWE-119
OVAL    3
oval:org.secpod.oval:def:104898
oval:org.secpod.oval:def:104894
oval:org.secpod.oval:def:601008

© SecPod Technologies