PT-2019-11477 · Secdev+1 · Scapy+1

Johnathan Azaria

Publicado

2019-07-19

Atualizado

2023-03-01

CVE-2019-1010142

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: scapy version 2.4.0

Description: The issue is a Denial of Service that results in an infinite loop, resource consumption, and the program becoming unresponsive. The component affected is the RADIUSAttrPacketListField.getfield(self..) function. The attack vector can be over the network or via a pcap file, with both methods being effective.

Recommendations: For scapy version 2.4.0, consider disabling the RADIUSAttrPacketListField.getfield(self..) function as a temporary workaround to prevent potential exploitation until a patch is available. Restrict access to the network and limit the use of pcap files to minimize the risk of exploitation.

Exploit

Correção

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALT-PU-2019-2489

ALT-PU-2020-1383

CVE-2019-1010142

GHSA-MPF2-Q34C-FC6J

MGASA-2020-0266

PYSEC-2019-120

Produtos afetados

Alt Linux

Scapy

PT-2019-11477 · Secdev+1 · Scapy+1

CVE-2019-1010142

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21