CVE-2019-1010142

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: scapy version 2.4.0

Description: The issue is a Denial of Service that results in an infinite loop, resource consumption, and the program becoming unresponsive. The component affected is the RADIUSAttrPacketListField.getfield(self..) function. The attack vector can be over the network or via a pcap file, with both methods being effective.

Recommendations: For scapy version 2.4.0, consider disabling the RADIUSAttrPacketListField.getfield(self..) function as a temporary workaround to prevent potential exploitation until a patch is available. Restrict access to the network and limit the use of pcap files to minimize the risk of exploitation.

Exploit

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2019-2489

ALT-PU-2020-1383

CVE-2019-1010142

GHSA-MPF2-Q34C-FC6J

MGASA-2020-0266

PYSEC-2019-120

Affected Products

Alt Linux

Scapy

CVE-2019-1010142

Weakness Enumeration

Related Identifiers

Affected Products

References · 21