PRIOn knowledge basePRION:CVE-2013-1428

HistoryApr 26, 2013 - 4:55 p.m.

Stack overflow

2013-04-2616:55:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.055 Low

EPSS

Percentile

93.0%

JSON

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

CPENameOperatorVersion
tincle1.1
tinceq1.1 pre4
tinceq1.0.17
tinceq1.0.18
tinceq1.1 pre3
tincle1.0.20
tinceq1.1 pre5
tinceq1.0.19

Name	Operator	Version
tinc	le	1.1
tinc	eq	1.1 pre4
tinc	eq	1.0.17
tinc	eq	1.0.18
tinc	eq	1.1 pre3
tinc	le	1.0.20
tinc	eq	1.1 pre5
tinc	eq	1.0.19

References

freecode.com/projects/tinc/releases/354122

osvdb.org/92653

secunia.com/advisories/53087

secunia.com/advisories/53108

www.debian.org/security/2013/dsa-2663

www.securityfocus.com/bid/59369

www.tinc-vpn.org/news/

www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html

github.com/gsliepen/tinc/commit/17a33dfd95b1a29e90db76414eb9622df9632320

lists.fedoraproject.org/pipermail/package-announce/2013-May/105531.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/105559.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106167.html

8.5 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.055 Low

EPSS

Percentile

93.0%

JSON

Related for PRION:CVE-2013-1428