CVE-2024-2169

Published: 20 Mar 2024
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

A vulnerability was found in certain UDP protocol implementations. This issue may allow an unauthenticated attacker to send maliciously crafted packets leading to a denial of service on the targeted system. An attacker needs to perform the attack on a vulnerable server in order to meet the conditions to create the necessary traffic-loop for a successful attack.

Report

Red Hat is aware of the existence of CVE-2024-2169 and has investigated the impact in several packages distributed across Red Hat Enterprise Linux versions. The versions of the NTP package shipped with Red Hat Enterprise Linux 6 and 7 are not vulnerable to this attack, as this issue was dependent on CVE-2009-3563 present in ntp up to 4.2.4p8 and 4.2.5, which are older than the versions shipped with the mentioned products. Package implementations of DNS (such as dnsmasq and bind), tftp, and dhcp packages as distributed with Red Hat Enterprise Linux are not affected by this vulnerability, as all of them use a random source port for responses, making it impossible to perform a traffic-loop attack.
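A defender-side check for the condition the statement above describes, as an added example that is not Red Hat's or this page's code: it scans UDP flow records for host pairs that exchange high-volume traffic in both directions where source and destination port are the same fixed service port, which is the precondition a random response source port removes. The record layout, the port list, the threshold and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: fixed service ports to watch (DNS, TFTP, NTP); adjust per environment.
SERVICE_PORTS = {53, 69, 123}

# Constructed sample flow records: (src_ip, src_port, dst_ip, dst_port, packets)
SAMPLE_FLOWS = [
    ("192.0.2.10", 123, "198.51.100.20", 123, 48000),  # server to server, fixed ports
    ("198.51.100.20", 123, "192.0.2.10", 123, 47950),  # same pair, reverse direction
    ("203.0.113.5", 51514, "192.0.2.10", 53, 12),      # ordinary client query
    ("192.0.2.10", 53, "203.0.113.5", 51514, 12),      # reply to an ephemeral port
    ("192.0.2.30", 69, "198.51.100.40", 69, 3),        # fixed ports, negligible volume
    ("198.51.100.40", 69, "192.0.2.30", 69, 2),
]


def find_loop_candidates(flows, min_packets=1000):
    """Return sorted (host_a, host_b, port, pkts_a_to_b, pkts_b_to_a) tuples.

    A pair is reported only when both directions use the same service port as
    source and destination and each direction carries at least min_packets.
    The threshold keeps low-rate symmetric exchanges out of the result.
    """
    per_direction = defaultdict(int)
    for src_ip, src_port, dst_ip, dst_port, packets in flows:
        # A reply sent back to the service port it came from can be answered again.
        if src_port == dst_port and src_port in SERVICE_PORTS:
            per_direction[(src_ip, dst_ip, src_port)] += packets

    candidates = []
    for (a, b, port), a_to_b in per_direction.items():
        b_to_a = per_direction.get((b, a, port), 0)
        # a < b reports each host pair once instead of once per direction.
        if a < b and min(a_to_b, b_to_a) >= min_packets:
            candidates.append((a, b, port, a_to_b, b_to_a))
    return sorted(candidates)


if __name__ == "__main__":
    for host_a, host_b, port, fwd, rev in find_loop_candidates(SAMPLE_FLOWS):
        print(f"possible UDP loop on port {port}: {host_a} <-> {host_b} "
              f"({fwd} / {rev} packets)")
```
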

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | rsyslog | Not affected | | |
| Red Hat Enterprise Linux 10 | bind | Not affected | | |
| Red Hat Enterprise Linux 10 | dhcp | Not affected | | |
| Red Hat Enterprise Linux 10 | dnsmasq | Not affected | | |
| Red Hat Enterprise Linux 10 | net-snmp | Not affected | | |
| Red Hat Enterprise Linux 10 | rsyslog | Not affected | | |
| Red Hat Enterprise Linux 10 | tftp | Not affected | | |
| Red Hat Enterprise Linux 6 | bind | Not affected | | |
| Red Hat Enterprise Linux 6 | dnsmasq | Not affected | | |
| Red Hat Enterprise Linux 6 | net-snmp | Not affected | | |


Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2272753 udp: Implementations of UDP protocol are vulnerable to network loops

EPSS: 0.01173 (percentile: 78%), Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
more than 1 year ago

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

CVSS3: 7.5
github
more than 1 year ago

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

CVSS3: 7.5
fstec
more than 1 year ago

A vulnerability in implementations of application protocols that use the UDP protocol, related to the possibility of spoofing attacks, allowing an attacker to cause a denial of service

CVSS3: 7.5
redos
about 1 month ago

webmin vulnerability
