22 matches found
EUVD-2006-1246
Malware in sbrugna...
CVE-2023-53121 tcp: tcp_make_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context. tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might call tcp_make_synack(),...
UBUNTU-CVE-2025-23145
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow. When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow...
CVE-2025-23145
CVE-2025-23145 affects the Linux kernel (MPTCP) and describes a NULL-pointer dereference in the mptcp_can_accept_new_subflow path. The root cause is that subflow_req->msk ownership could be transferred to a subflow on the first path, creating a window where a second SYN-ACK could be processed ...
Anatomy of a SYN-ACK Attack
...
PT-2025-18399
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability has been resolved in the Linux kernel related to the MPTCP protocol. The issue occurs when the kernel panics in 'mptcp_can_accept_new_subflow' due to a NULL pointer...
CVE-2024-50154 tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tcp_retransmit_synack. The program passes th...
CVE-2024-50154
CVE-2024-50154 (Linux kernel) : The vulnerability arises from tcp/dccp code using timer_pending() in reqsk_queue_unlink(), which can miss del_timer_sync() in reqsk_timer_handler() and create a use-after-free (UAF) when req->sk is closed before timer expiry (default ~63s). Affected: Linux kerne...
CVE-2020-7451
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosin...
CVE-2020-7451
CVE-2020-7451 affects FreeBSD: TCP servers sending or retransmitting IPv6 SYN-ACK (and challenge ACK) segments may disclose one byte of kernel memory due to Traffic Class not initialized. Affected: FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740...
New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...
CVE-2018-18442
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks include SYN...
Design/Logic Flaw
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks include SYN...
CVE-2018-18442
CVE-2018-18442 affects the D-Link DCS-825L (firmware 1.08). The vulnerability is a DoS due to insufficient input validation in the firmware, enabling a remote attacker to disrupt device availability (e.g., live video/audio streaming) via crafted or flood-like network traffic (syn/udp/icmp, includ...
Zyxel Prestige 642R Malformed Packet Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5034/info ZyXEL 642R routers have difficulties handling certain types of malformed packets. In particular, it is possible to deny services by sending a vulnerable router a SYN-ACK packet. To a lesser degree, the router al...
http-vuln-wnr1000-creds NSE Script
A vulnerability has been discovered in WNR 1000 series that allows an attacker to retrieve administrator credentials with the router interface. Tested On Firmware Versions: V1.0.2.6060.0.86 Latest and V1.0.2.5460.0.82NA Vulnerability discovered by c1ph04. Script Arguments...
CVE-2006-1242
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks...
Code injection
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks...
TCP SYN Denial of Service Exploit (bang.c)
Exploit for bsd platform in category dos / poc. TCP SYN Denial of Service Exploit (bang.c). BANG.C Coded by Sorcerer of DALnet FUCKZ to: etech, blazin, udp, hybrid and kdl PROPZ : skrilla, thanks for all your help...
ZYXEL Prestige 642R Router - Malformed Packet Denial of Service
source: https://www.securityfocus.com/bid/5034/info ZyXEL 642R routers have difficulties handling certain types of malformed packets. In particular, it is possible to deny services by sending a vulnerable router a SYN-ACK packet. To a lesser degree, the router also encounters difficulties when...