Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43428
HistorySep 29, 2023 - 10:59 a.m.

Information Exposure

2023-09-2910:59:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
vulnerability
information exposure
unencrypted message exchange
potential information leakage
network configuration
identity
software

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

42.2%

github.com/schollz/croc is vulnerable to Information Exposure. The vulnerability is due to there case where an explicit IP isn’t provided, the receiver prompts the sender for its local IP addresses using the ips? message. That triggers an unencrypted message exchange and sender will send out cleartext information over the Internet, containing all locally assigned IP addresses. This leads to potential information leakage about the sender’s network configuration and identity.

Affected configurations

Vulners
Node
-croc\Match3.2010.0.11-r0
OR
-croc\Match3.209.6.15-r2
OR
-croc\Match3.209.6.15-r0
OR
-croc\Match3.209.6.15-r1
OR
-croc\Match3.209.6.15-r3
OR
-crocMatch9.5.3-r1
OR
-crocMatch9.6.5-r3
OR
-crocMatch9.6.6-r0
OR
-crocMatch9.1.4-r1
OR
-crocMatch9.1.0-r0
OR
-crocMatch9.6.14-r0
OR
-crocMatch9.6.0-r4
OR
-crocMatch9.6.0-r3
OR
-crocMatch9.2.0-r0
OR
-crocMatch9.3.0-r1
OR
-crocMatch9.1.4-r0
OR
-crocMatch9.6.4-r1
OR
-crocMatch8.6.10-r0
OR
-crocMatch8.6.11-r0
OR
-crocMatch9.5.6-r0
OR
-crocMatch9.1.2-r0
OR
-crocMatch9.6.3-r0
OR
-crocMatch9.6.1-r1
OR
-crocMatch8.6.12-r0
OR
-crocMatch9.6.4-r2
OR
-crocMatch9.5.0-r0
OR
-crocMatch9.6.4-r0
OR
-crocMatch9.6.1-r2
OR
-crocMatch9.5.4-r0
OR
-crocMatch9.5.2-r1
OR
-crocMatch9.6.5-r4
OR
-crocMatch9.5.1-r0
OR
-crocMatch9.6.15-r1
OR
-crocMatch9.5.5-r0
OR
-crocMatch9.6.4-r4
OR
-crocMatch9.6.0-r2
OR
-crocMatch9.3.0-r0
OR
-crocMatch9.6.10-r0
OR
-crocMatch10.0.1-r0
OR
-crocMatch9.6.9-r0
OR
-crocMatch9.5.0-r1
OR
-crocMatch9.6.15-r2
OR
-crocMatch9.6.1-r0
OR
-crocMatch9.1.1-r0
OR
-crocMatch9.6.4-r3
OR
-crocMatch9.6.15-r0
OR
-crocMatch9.6.14-r1
OR
-crocMatch9.6.15-r3
OR
-crocMatch9.6.5-r2
OR
-crocMatch9.6.0-r1
OR
-crocMatch9.5.5-r1
OR
-crocMatch8.0.11-r0
OR
-crocMatch9.6.1-r3
OR
-crocMatch8.6.8-r0
OR
-crocMatch9.6.5-r1
OR
-crocMatch9.5.2-r0
OR
-crocMatch9.6.0-r0
OR
schollzcrocRange≤v9.6.5
VendorProductVersionCPE
-croc\3.20cpe:2.3:a:-:croc\:3.20:10.0.11-r0:*:*:*:*:*:*:*
-croc\3.20cpe:2.3:a:-:croc\:3.20:9.6.15-r2:*:*:*:*:*:*:*
-croc\3.20cpe:2.3:a:-:croc\:3.20:9.6.15-r0:*:*:*:*:*:*:*
-croc\3.20cpe:2.3:a:-:croc\:3.20:9.6.15-r1:*:*:*:*:*:*:*
-croc\3.20cpe:2.3:a:-:croc\:3.20:9.6.15-r3:*:*:*:*:*:*:*
-croc9.5.3-r1cpe:2.3:a:-:croc:9.5.3-r1:*:*:*:*:*:*:*
-croc9.6.5-r3cpe:2.3:a:-:croc:9.6.5-r3:*:*:*:*:*:*:*
-croc9.6.6-r0cpe:2.3:a:-:croc:9.6.6-r0:*:*:*:*:*:*:*
-croc9.1.4-r1cpe:2.3:a:-:croc:9.1.4-r1:*:*:*:*:*:*:*
-croc9.1.0-r0cpe:2.3:a:-:croc:9.1.0-r0:*:*:*:*:*:*:*
Rows per page:
1-10 of 581

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

42.2%