CVE-2020-27638

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

CVE-2025-24356

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reco...