Scapy is vulnerable to denial of service (DoS) attacks. It uses a buggy unnecessary class _RADIUSAttrPacketListField
which does not validate the input when reading the length field in the RADIUS packets Attribute Value Pairs (AVP), causing an infinite loop and an application crash. This vulnerability is possible only when the Scapy is tricked into thinking a network packet is a RADIUS packet.
www.securityfocus.com/bid/106674
github.com/secdev/scapy/pull/1409
github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058
lists.fedoraproject.org/archives/list/[email protected]/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E/
lists.fedoraproject.org/archives/list/[email protected]/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN/
www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/