PT-2023-25535 · I2P · I2P
Hbapm6 · Published 2023-08-01 · Updated 2024-11-04
CVE-2023-36325
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
i2p versions prior to 2.3.0
Description
The issue allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy. An attack would take days to complete.
Recommendations
Upgrade to i2p version 2.3.0 to mitigate the issue. As a temporary workaround, consider restricting the use of tunneled and replayed messages to minimize the risk of exploitation.
Fix
Side Channel Attack
Weakness Enumeration
Related Identifiers
Affected Products
I2P