[3.8] tinc: Multiple issues (CVE-2018-16737, CVE-2018-16738, CVE-2018-16758)ID: oval:org.secpod.oval:def:1801318 | Date: (C)2019-03-05 (M)2023-11-10 |
Class: PATCH | Family: unix |
CVE-2018-16737: tinc 1.0.29 and earlier allow an oracle attack that could allow a remote attacker to establish one-way communication with a tinc node, allowing it to send fake control messages and inject packets into the VPN. The attack takes only a few seconds to complete. Tinc 1.1pre14 and earlier allow the same attack if they are configured to allow connections from nodes using the legacy 1.0.x protocol. Fixed In Version:¶ tinc 1.0.35
Platform: |
Alpine Linux 3.8 |