i2pd and kovri information disclosure vulnerabilities

i2p is a network protocol for encryption that enables anonymous access to the Internet. i2pd is a C++ implementation of the i2p client. kovri is a lightweight i2p-compatible router. A security vulnerability exists in i2pd versions prior to 2.17 and in the kovri pre-alpha version, which stems from...

Internet Bug Bounty: GarlicRust - heartbleed style vulnerability in major I2P C++ router implementations

Brief ----- I2pd and kovri are both C++ I2P routers that share the same code base, as kovri was forked from i2pd several years ago. The vulnerability lies in a common code piece, making both implementations vulnerable, as was acknowledged by orignal, the main developer of i2pd. The vulnerability ...

CVE-2017-17066

The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...

CVE-2017-17066

The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...

CVE-2017-17066

Summary: CVE-2017-17066 affects i2pd before 2.17 and kovri pre-alpha implementations. The GarlicRust flaw arises in handling Garlic DeliveryTypeTunnel packets, where an unchecked length can lead to a buffer over-read and leakage of sensitive memory. The connected sources describe the vulnerable c...

CVE-2017-17066

The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...

CVE-2017-17066

The 1 i2pd before 2.17 and 2 kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated...

PT-2017-14694 · I2P +1 · I2Pd +2

Name of the Vulnerable Software and Affected Versions: i2pd versions prior to 2.17 kovri versions prior to 2.17 pre-alpha implementations Description: The issue is related to the improper handling of Garlic DeliveryTypeTunnel packets in the I2P routing protocol, which allows remote attackers to...

Monero: Kovri: potential buffer over-read in garlic clove handling + I2NP message creation

Brief ----- There is a lack of sanitation checks when handling Garlic messages in the kovri I2P router. Sending a specially crafted Garlic message can cause the router to send onward an I2P message containing leaked RAM data, triggering a massive information leakage. Technical Details: ==========...