PT-2023-10803 · Unknown+1 · Flar2 Elementalx+1
Mohamed Ghannam
·
Published
2023-01-01
·
Updated
2024-05-17
·
CVE-2018-25062
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
flar2 ElementalX versions up to 6.x
Description
A problematic vulnerability has been found, affecting the function
xfrm dump policy done of the file net/xfrm/xfrm user.c of the component ipsec. The manipulation leads to denial of service.Recommendations
For flar2 ElementalX versions up to 6.x, upgrade to version 7.00 to address this issue. As a temporary workaround, consider disabling the
xfrm dump policy done function until the patch is applied. Restrict access to the ipsec component to minimize the risk of exploitation.Fix
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flar2 Elementalx
Ipsec