GO-2025-3979 Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni

Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni...

EUVD-2021-33526

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-46873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a...

CVE-2024-28250

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...

CVE-2022-49153

CVE-2022-49153 affects the Linux kernel via the wireguard path: when sending to a peer, skb memory is not freed if IPv6 is disabled, causing a memory leak. The root cause is missing kfree_skb() in the send6() handling within wg_socket_send_buffer_to_peer/..send_buffer_to_peer() and related code p...

CVE-2024-42247 wireguard: allowedips: avoid unaligned 64-bit memory accesses

In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swapendian tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned...

WireGuard Security Vulnerabilities

WireGuard is an open source VPN program and protocol from the individual developer Jason A. Donenfeld. A security vulnerability exists in WireGuard version 0.5.3 that originates from an insecure configuration of the operating system and firewall that results in the blocking of traffic to a local...

CVE-2021-46873

WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently...

PT-2022-34817 · Wireguard +1 · Wireguard +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.71 Description: The issue concerns a potential security vulnerability in the netlink component of WireGuard, related to a variable-sized memcpy on sockaddr. The actual impact and attack plausibility have n...

PT-2022-33873 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Wireguard versions prior to v5.15.61 Description: The issue is related to the allowedips feature in Wireguard, where a potential stack corruption can occur when detecting an overflow. The actual impact and attack plausibility have not yet bee...