6 matches found
Internet Bug Bounty: GarlicRust - heartbleed style vulnerability in major I2P C++ router implementations
Brief ----- I2pd and kovri are both C++ I2P routers that share the same code base, as kovri was forked from i2pd several years ago. The vulnerability lies in a common code piece, making both implementations vulnerable, as was acknowledged by orignal, the main developer of i2pd. The vulnerability ...
CVE-2017-17066
The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...
CVE-2017-17066
The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...
CVE-2017-17066
Summary: CVE-2017-17066 affects i2pd before 2.17 and kovri pre-alpha implementations. The GarlicRust flaw arises in handling Garlic DeliveryTypeTunnel packets, where an unchecked length can lead to a buffer over-read and leakage of sensitive memory. The connected sources describe the vulnerable c...
CVE-2017-17066
The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...
CVE-2017-17066
The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...