CVE-2017-17066

Опубликовано: 05 дек. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.

Ссылки

https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/
Issue Tracking
Third Party Advisory
https://hackerone.com/reports/291489
Issue Tracking
Third Party Advisory
https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/
Issue Tracking
Third Party Advisory
https://hackerone.com/reports/291489
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:getkovri:kovri:-:*:*:*:*:*:*:*

cpe:2.3:a:i2pd:i2pd:*:*:*:*:*:*:*:*

Версия до 2.16.0 (включая)

EPSS

Процентиль: 80%

0.01353

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-17066

CVSS3: 7.5

debian

около 8 лет назад

The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of th ...

GHSA-rmv7-m6j3-p2f9

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 80%

0.01353

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125