CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS percentile: 42.2%

github.com/schollz/croc is vulnerable to Information Exposure. When an explicit IP isn't provided, the receiver prompts the sender for its local IP addresses using the `ips?` message. That triggers an unencrypted message exchange, and the sender sends cleartext information over the Internet containing all of its locally assigned IP addresses. This can leak information about the sender's network configuration and identity.

Vendor | Product | Version | CPE |
---|---|---|---|
- | croc\ | 3.20 | cpe:2.3:a:-:croc\:3.20:10.0.11-r0:*:*:*:*:*:*:* |
- | croc\ | 3.20 | cpe:2.3:a:-:croc\:3.20:9.6.15-r2:*:*:*:*:*:*:* |
- | croc\ | 3.20 | cpe:2.3:a:-:croc\:3.20:9.6.15-r0:*:*:*:*:*:*:* |
- | croc\ | 3.20 | cpe:2.3:a:-:croc\:3.20:9.6.15-r1:*:*:*:*:*:*:* |
- | croc\ | 3.20 | cpe:2.3:a:-:croc\:3.20:9.6.15-r3:*:*:*:*:*:*:* |
- | croc | 9.5.3-r1 | cpe:2.3:a:-:croc:9.5.3-r1:*:*:*:*:*:*:* |
- | croc | 9.6.5-r3 | cpe:2.3:a:-:croc:9.6.5-r3:*:*:*:*:*:*:* |
- | croc | 9.6.6-r0 | cpe:2.3:a:-:croc:9.6.6-r0:*:*:*:*:*:*:* |
- | croc | 9.1.4-r1 | cpe:2.3:a:-:croc:9.1.4-r1:*:*:*:*:*:*:* |
- | croc | 9.1.0-r0 | cpe:2.3:a:-:croc:9.1.0-r0:*:*:*:*:*:*:* |