4 matches found
ssrfcheck Vulnerable to Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs
Summary ssrfcheck v1.3.0 latest fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser built into Node.js silently normalizes the IPv4 notation inside the brackets to...
DEBIAN-CVE-2023-53863
In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...
UBUNTU-CVE-2023-53863
In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...
Mozilla: DoH did not filter IPv4 mapped IP Addresses
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...