43 matches found
EUVD-2026-16128
When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...
EUVD-2016-2642
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414662)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414662 advisory. An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker ...
DEBIAN-CVE-2024-53259
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
CVE-2024-53259
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
K98221124: Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686
Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the...
K09604370: Linux kernel vulnerability CVE-2020-25705
Security Advisory Description A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this...
K09940637: NTP vulnerability CVE-2019-11331
Security Advisory Description Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. CVE-2019-11331 Impact Using an off-path attack not a man-in-the-middle...
SUSE CVE-2019-11331
Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks...
SUSE CVE-2020-25686
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...
SUSE-SU-2022:3123-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-1504002416 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that...
SUSE-SU-2022:3061-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-5934 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session...
SUSE-SU-2022:3088-1 Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024126 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that...
SUSE-SU-2022:3072-1 Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-1504002411 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that...
SUSE-SU-2022:3064-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-150100197120 fixes one issue. The following security issue was fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that sessio...
kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...
CVE-2021-20322
A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...
A flaw was found in dnsmasq before version 2.83. When receiving a query dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default a maximum of 150 pending queries can be sent to upstream servers so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
...
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...