Insufficient Verification Of Data Authenticity

quic-go is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of ICMP "Packet Too Large" messages, allowing an off-path attacker to inject such packets and disrupt QUIC connections by setting the MTU to a value below the minimum threshold o...

SUSE CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

DEBIAN-CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

UBUNTU-CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

CVE-2024-53259

CVE-2024-53259 affects the quic-go QUIC implementation. An off-path attacker can inject an ICMP Packet Too Large when IP_PMTUDISC_DO is used, causing the kernel to return a “message too large” error on sendmsg if a QUIC packet exceeds the MTU claimed in the ICMP message. This can disrupt a QUIC c...

CVE-2024-53259 quic-go affected by an ICMP Packet Too Large Injection Attack on Linux

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

RHEL 8 : kernel (RHSA-2024:2674)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2674 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: kernel: mlxsw: spectrumacltcam: Fix...

F5 Networks BIG-IP : NTP vulnerability (K09940637)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K09940637 advisory. Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not...

F5 Networks BIG-IP : NTP vulnerability (K44305703)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K44305703 advisory. The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated...

K98221124: Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686

Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the...

K44305703: NTP vulnerability CVE-2020-11868

Security Advisory Description The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid orig...

K09604370: Linux kernel vulnerability CVE-2020-25705

Security Advisory Description A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this...

K09940637: NTP vulnerability CVE-2019-11331

Security Advisory Description Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. CVE-2019-11331 Impact Using an off-path attack not a man-in-the-middle...

SUSE CVE-2017-12132

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

SUSE CVE-2019-11331

Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks...

SUSE CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...

SUSE CVE-2020-13817

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time change by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path...