Lucene search

K

Veracode Vulnerability DatabaseVERACODE:20864

HistoryJul 19, 2019 - 3:38 a.m.

Denial Of Service (DoS)

2019-07-1903:38:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

EPSS

0.014

Percentile

86.7%

Scapy is vulnerable to denial of service (DoS) attacks. It uses a buggy unnecessary class _RADIUSAttrPacketListField which does not validate the input when reading the length field in the RADIUS packets Attribute Value Pairs (AVP), causing an infinite loop and an application crash. This vulnerability is possible only when the Scapy is tricked into thinking a network packet is a RADIUS packet.

References

www.securityfocus.com/bid/106674

github.com/secdev/scapy/pull/1409

github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058

lists.fedoraproject.org/archives/list/[email protected]/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E/

lists.fedoraproject.org/archives/list/[email protected]/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN/

www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/

EPSS

0.014

Percentile

86.7%

Related for VERACODE:20864

osv3 nessus3 openvas4 debiancve1 prion1 cve2 nvd2 github1 ubuntucve1 fedora3 cvelist1 mageia1 redhatcve1