PT-2023-25535 · I2P · I2P
Hbapm6 · Published 2023-08-01 · Updated 2024-11-04 · CVE-2023-36325
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
i2p versions prior to 2.3.0
Description
The issue allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy. An attack would take days to complete.
Recommendations
Upgrade to i2p version 2.3.0 to mitigate the issue. As a temporary workaround, consider restricting the use of tunneled and replayed messages to minimize the risk of exploitation.
Fix
Side Channel Attack
Weakness Enumeration
Related identifiers
Affected products
I2P