CVE-2024-47065

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.1

Description: Meshtastic, an open source mesh networking solution, does not rate limit traceroute responses from remote nodes in versions prior to 2.5.1. This allows an attacker to reliably and continuously obtain responses, potentially collecting approximately 100 samples within a short timeframe (estimated 2 minutes), compared to the longer duration required for passive collection. This issue also enables a 2:1 reflected Denial-of-Service (DoS) attack on the network, though positional confidentiality is the primary concern.

Recommendations: Update to version 2.5.1 or later.