PT-2017-14694 · I2P+1 · I2Pd+2

Published 2017-12-05 · Updated 2024-04-05 · CVE-2017-17066

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

i2pd versions prior to 2.17
kovri versions prior to 2.17 (pre-alpha implementations)

Description

The issue is related to the improper handling of Garlic DeliveryTypeTunnel packets in the I2P routing protocol, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read. This can be demonstrated by reading sensitive router memory.

Recommendations

For i2pd versions prior to 2.17, update to version 2.17 or later to resolve the issue. For kovri pre-alpha implementations, update to a version that properly handles Garlic DeliveryTypeTunnel packets to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable I2P routing protocol implementation until a patch is available.
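The class of check whose absence produces a buffer over-read of this kind, as an added example (not code from i2pd, kovri or this advisory). The field layout (a flag byte with the delivery type in bits 6-5, a 32-byte gateway hash, a 4-byte big-endian tunnel ID) and all function and struct names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (not stated in the advisory): flag byte with the delivery
 * type in bits 6-5, then 32-byte gateway hash, then 4-byte tunnel ID. */
enum { HASH_LEN = 32, TUNNEL_ID_LEN = 4, TYPE_TUNNEL = 3 };

struct tunnel_delivery {          /* hypothetical result type */
    const uint8_t *gw_hash;       /* points into the caller's buffer */
    uint32_t tunnel_id;
    const uint8_t *rest;          /* bytes after the delivery instructions */
    size_t rest_len;
};

/* Returns 0 on success, -1 when the input is not tunnel delivery or is
 * shorter than that type requires. Never reads past buf + len. */
int parse_tunnel_delivery(const uint8_t *buf, size_t len,
                          struct tunnel_delivery *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;
    if (((buf[0] >> 5) & 0x03) != TYPE_TUNNEL)
        return -1;
    /* Length check before any field is read. len must be the number of
     * bytes actually received, not a size taken from the packet itself. */
    if (len - 1 < (size_t)(HASH_LEN + TUNNEL_ID_LEN))
        return -1;
    const uint8_t *p = buf + 1;
    out->gw_hash = p;
    p += HASH_LEN;
    out->tunnel_id = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    out->rest = p + TUNNEL_ID_LEN;
    out->rest_len = len - 1 - HASH_LEN - TUNNEL_ID_LEN;
    return 0;
}

/* Constructed sample: parse only the first len bytes of a 40-byte buffer,
 * which simulates a truncated packet when len < 37. */
int parse_sample(size_t len, struct tunnel_delivery *out)
{
    static uint8_t clove[40];
    if (len > sizeof clove)
        return -1;
    memset(clove, 0xAA, sizeof clove);
    clove[0] = TYPE_TUNNEL << 5;                /* flag: tunnel delivery */
    memcpy(clove + 33, "\x00\x00\x01\x02", 4);  /* tunnel ID 258 */
    return parse_tunnel_delivery(clove, len, out);
}
```
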

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

ALT-PU-2018-3675
CVE-2017-17066

Affected Products

Alt Linux
I2Pd
Kovri