CVE-2013-1428

Name of the Vulnerable Software and Affected Versions tinc versions prior to 1.0.21 tinc versions 1.1 prior to 1.1pre7

Description The issue is related to a stack-based buffer overflow in the receive tcppacket function in net packet.c. This can be exploited by remote authenticated peers to cause a denial of service or possibly execute arbitrary code via a large TCP packet. Multiple vulnerabilities in the tinc package may lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a remote attacker who has passed the authentication procedure.

Recommendations For tinc versions prior to 1.0.21, update to version 1.0.21 or later. For tinc versions 1.1 prior to 1.1pre7, update to version 1.1pre7 or later.