CVE-2024-7596

Name of the Vulnerable Software and Affected Versions Proposed Generic UDP Encapsulation (GUE) (IETF Draft) (affected versions not specified)

Description The issue concerns the lack of validation or verification of the source of a network packet in the Proposed Generic UDP Encapsulation (GUE) (IETF Draft), allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This can lead to spoofing, access control bypass, and other unexpected network behaviors. The vulnerability can be exploited by a remote attacker to implement attacks by sending a specially crafted packet with two IP headers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.