Описание
WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | deferred | |
| esm-apps/bionic | deferred | |
| esm-apps/focal | deferred | |
| esm-apps/xenial | deferred | |
| focal | ignored | end of standard support, was deferred |
| jammy | deferred | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was deferred [2023-12-22] |
| mantic | ignored | end of life, was deferred |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.
WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account ...
WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.
Уязвимость реализации протокола синхронизации времени NTP VPN-сервиса WireGuard операционных систем Windows, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3