7.5
CVE-2020-27638
- EPSS 2.33%
- Veröffentlicht 22.10.2020 13:15:15
- Zuletzt bearbeitet 21.11.2024 05:21:33
- CVE-Watchlists
- Unerledigt
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fastd Project ≫ Fastd Version < 21.0
Debian ≫ Debian Linux Version9.0
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.33% | 0.813 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://bugs.debian.org/972521
https://fastd.readthedocs.io/en/stable/releases/v21.html
https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
https://lists.debian.org/debian-lts-announce/2020/10/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2LNSF2LI4RQ7BVGHTJQUJWP7RVGHDTK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUZ3AGTAXH7OOP45F5WXBVRQ3IDWUR7M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSMH65GHKHMJAK2VMPROIPIUS4IA63CW/