CWE-232
Improper Handling of Undefined Values
The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.
CVE-2021-34705 (GCVE-0-2021-34705)
Vulnerability from cvelistv5
Published
2021-09-23 02:26
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210922 Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T02:26:08",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210922 Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv"
}
],
"source": {
"advisory": "cisco-sa-fxo-pattern-bypass-jUXgygYv",
"defect": [
[
"CSCvw53542"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-22T16:00:00",
"ID": "CVE-2021-34705",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-232"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210922 Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv"
}
]
},
"source": {
"advisory": "cisco-sa-fxo-pattern-bypass-jUXgygYv",
"defect": [
[
"CSCvw53542"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34705",
"datePublished": "2021-09-23T02:26:09.005050Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-09-16T18:33:27.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3718 (GCVE-0-2021-3718)
Vulnerability from cvelistv5
Published
2021-11-12 22:05
Modified
2024-08-03 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-232 - Improper Handling of Undefined Values
Summary
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | ThinkPad BIOS |
Version: various |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-72619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Zoltan Harmarth for reporting this issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232 Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T22:05:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-72619"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-72619."
}
],
"source": {
"advisory": "LEN-72619",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Zoltan Harmarth for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-232 Improper Handling of Undefined Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-72619",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-72619"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-72619."
}
],
"source": {
"advisory": "LEN-72619",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3718",
"datePublished": "2021-11-12T22:05:34",
"dateReserved": "2021-08-18T00:00:00",
"dateUpdated": "2024-08-03T17:01:08.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22213 (GCVE-0-2022-22213)
Vulnerability from cvelistv5
Published
2022-07-20 14:15
Modified
2024-09-16 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-232 - Improper Handling of Undefined Values
- Denial of Service (DoS)
Summary
A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Patch: unspecified < 21.1 Version: 21.1 < 21.1R3-S1 Version: 21.2 < 21.2R2-S2, 21.2R3 Version: 21.3 < 21.3R2, 21.3R3 Version: 21.4 < 21.4R1-S1, 21.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2-S2, 21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2, 21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S1, 21.4R2",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2*",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S1-EVO, 21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A sample configuration of BGP multipath is shown below:\n\n set protocols bgp group external type external\n set protocols bgp group external peer-as 64501\n set protocols bgp group external multipath\n set protocols bgp group external neighbor 10.0.1.1\n set protocols bgp group external neighbor 10.0.0.2\n set policy-options policy-statement loadbal from route-filter 10.0.0.0/16 orlonger\n set policy-options policy-statement loadbal then load-balance per-packet\n set routing-options forwarding-table export loadbal\n set routing-options autonomous-system 64500"
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232 Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T14:15:23",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69717"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.1R3-S1-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO\nJunos OS: 21.1R3-S1, 21.2R2-S2, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69717",
"defect": [
"1642741"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Denial of Service (DoS) vulnerability in RPD upon receipt of specific BGP update",
"workarounds": [
{
"lang": "en",
"value": "Disable BGP multipath, or configure \u0027set protocols bgp multipath-build deferred\u0027."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-07-13T16:00:00.000Z",
"ID": "CVE-2022-22213",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Denial of Service (DoS) vulnerability in RPD upon receipt of specific BGP update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2-S2, 21.2R3"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2, 21.3R3"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R1-S1, 21.4R2"
},
{
"version_affected": "!\u003c",
"version_value": "21.1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-S1-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.2",
"version_value": "21.2R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R1-S1-EVO, 21.4R2-EVO"
},
{
"version_affected": "!\u003c",
"version_value": "21.1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "A sample configuration of BGP multipath is shown below:\n\n set protocols bgp group external type external\n set protocols bgp group external peer-as 64501\n set protocols bgp group external multipath\n set protocols bgp group external neighbor 10.0.1.1\n set protocols bgp group external neighbor 10.0.0.2\n set policy-options policy-statement loadbal from route-filter 10.0.0.0/16 orlonger\n set policy-options policy-statement loadbal then load-balance per-packet\n set routing-options forwarding-table export loadbal\n set routing-options autonomous-system 64500"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-232 Improper Handling of Undefined Values"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69717",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69717"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.1R3-S1-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO\nJunos OS: 21.1R3-S1, 21.2R2-S2, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69717",
"defect": [
"1642741"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disable BGP multipath, or configure \u0027set protocols bgp multipath-build deferred\u0027."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22213",
"datePublished": "2022-07-20T14:15:23.806619Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T16:22:28.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2968 (GCVE-0-2023-2968)
Vulnerability from cvelistv5
Published
2023-05-30 17:37
Modified
2025-01-09 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T21:20:42.543069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T21:21:19.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.npmjs.com",
"packageName": "proxy",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.\u003c/p\u003e"
}
],
"value": "A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T17:37:45.166Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Undefined variable usage in npm package \"proxy\" leads to remote denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2023-2968",
"datePublished": "2023-05-30T17:37:45.166Z",
"dateReserved": "2023-05-29T21:15:17.688Z",
"dateUpdated": "2025-01-09T21:21:19.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36848 (GCVE-0-2023-36848)
Vulnerability from cvelistv5
Published
2023-07-14 17:52
Modified
2024-10-22 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-232 - Improper Handling of Undefined Values
- Denial of Service (DoS)
Summary
An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface.
This issue affects Juniper Networks Junos OS:
versions prior to 19.1R3-S10 on MX Series;
19.2 versions prior to 19.2R3-S7 on MX Series;
19.3 versions prior to 19.3R3-S8 on MX Series;
19.4 versions prior to 19.4R3-S12 on MX Series;
20.1 version 20.1R1 and later versions on MX Series;
20.2 versions prior to 20.2R3-S8 on MX Series;
20.3 version 20.3R1 and later versions on MX Series;
20.4 versions prior to 20.4R3-S7 on MX Series;
21.1 versions prior to 21.1R3-S5 on MX Series;
21.2 versions prior to 21.2R3-S5 on MX Series;
21.3 versions prior to 21.3R3-S4 on MX Series;
21.4 versions prior to 21.4R3-S4 on MX Series;
22.1 versions prior to 22.1R3-S3 on MX Series;
22.2 versions prior to 22.2R3-S1 on MX Series;
22.3 versions prior to 22.3R3 on MX Series;
22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: unspecified < 19.1R3-S10 Version: 19.2 < 19.2R3-S7 Version: 19.3 < 19.3R3-S8 Version: 19.4 < 19.4R3-S12 Version: 20.1 < 20.1* Version: 20.2 < 20.2R3-S8 Version: 20.3 < 20.3* Version: 20.4 < 20.4R3-S7 Version: 21.1 < 21.1R3-S5 Version: 21.2 < 21.2R3-S5 Version: 21.3 < 21.3R3-S4 Version: 21.4 < 21.4R3-S4 Version: 22.1 < 22.1R3-S3 Version: 22.2 < 22.2R3-S1 Version: 22.3 < 22.3R3 Version: 22.4 < 22.4R1-S2, 22.4R2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA71659"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:07:15.605982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T14:19:00.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S7",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S8",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S12",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S8",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3*",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S5",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S4",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4R1-S2, 22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface.\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS:\u003cbr\u003eversions prior to 19.1R3-S10 on MX Series;\u003cbr\u003e19.2 versions prior to 19.2R3-S7 on MX Series;\u003cbr\u003e19.3 versions prior to 19.3R3-S8 on MX Series;\u003cbr\u003e19.4 versions prior to 19.4R3-S12 on MX Series;\u003cbr\u003e20.1 version 20.1R1 and later versions on MX Series;\u003cbr\u003e20.2 versions prior to 20.2R3-S8 on MX Series;\u003cbr\u003e20.3 version 20.3R1 and later versions on MX Series;\u003cbr\u003e20.4 versions prior to 20.4R3-S7 on MX Series;\u003cbr\u003e21.1 versions prior to 21.1R3-S5 on MX Series;\u003cbr\u003e21.2 versions prior to 21.2R3-S5 on MX Series;\u003cbr\u003e21.3 versions prior to 21.3R3-S4 on MX Series;\u003cbr\u003e21.4 versions prior to 21.4R3-S4 on MX Series;\u003cbr\u003e22.1 versions prior to 22.1R3-S3 on MX Series;\u003cbr\u003e22.2 versions prior to 22.2R3-S1 on MX Series;\u003cbr\u003e22.3 versions prior to 22.3R3 on MX Series;\u003cbr\u003e22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.\u003cbr\u003e"
}
],
"value": "An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\n\nWhen a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface.\n\nThis issue affects Juniper Networks Junos OS:\nversions prior to 19.1R3-S10 on MX Series;\n19.2 versions prior to 19.2R3-S7 on MX Series;\n19.3 versions prior to 19.3R3-S8 on MX Series;\n19.4 versions prior to 19.4R3-S12 on MX Series;\n20.1 version 20.1R1 and later versions on MX Series;\n20.2 versions prior to 20.2R3-S8 on MX Series;\n20.3 version 20.3R1 and later versions on MX Series;\n20.4 versions prior to 20.4R3-S7 on MX Series;\n21.1 versions prior to 21.1R3-S5 on MX Series;\n21.2 versions prior to 21.2R3-S5 on MX Series;\n21.3 versions prior to 21.3R3-S4 on MX Series;\n21.4 versions prior to 21.4R3-S4 on MX Series;\n22.1 versions prior to 22.1R3-S3 on MX Series;\n22.2 versions prior to 22.2R3-S1 on MX Series;\n22.3 versions prior to 22.3R3 on MX Series;\n22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232 Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T17:52:37.019Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA71659"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.1R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.1R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA71659",
"defect": [
"1714149"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series: The FPC will crash on receiving a malformed CFM packet",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36848",
"datePublished": "2023-07-14T17:52:37.019Z",
"dateReserved": "2023-06-27T16:17:25.277Z",
"dateUpdated": "2024-10-22T14:19:00.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39914 (GCVE-0-2023-39914)
Vulnerability from cvelistv5
Published
2023-09-13 14:17
Modified
2024-09-12 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NLnet Labs | bcder |
Version: * ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:22:23.054203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:22:36.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "bcder",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "0.7.3",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "0.7.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Haya Shulman"
},
{
"lang": "en",
"type": "finder",
"value": "Donika Mirdita"
},
{
"lang": "en",
"type": "finder",
"value": "Niklas Vogel"
}
],
"datePublic": "2023-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NLnet Labs\u0027 bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232: Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-240",
"description": "CWE-240: Improper Handling of Inconsistent Structural Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:34:05.255Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in 0.7.3 and all later versions."
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-19T18:00:00.000Z",
"value": "Issue reported by Haya Shulman"
},
{
"lang": "en",
"time": "2023-09-13T14:00:00.000Z",
"value": "Fixes released"
}
],
"title": "BER/CER/DER decoder panics on invalid input"
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2023-39914",
"datePublished": "2023-09-13T14:17:49.204Z",
"dateReserved": "2023-08-07T11:55:17.843Z",
"dateUpdated": "2024-09-12T13:22:36.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39915 (GCVE-0-2023-39915)
Vulnerability from cvelistv5
Published
2023-09-13 14:20
Modified
2024-09-12 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NLnet Labs | Routinator |
Version: * ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:21:49.530155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:22:03.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Routinator",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "0.12.2",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "0.12.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Haya Shulman"
},
{
"lang": "en",
"type": "finder",
"value": "Donika Mirdita"
},
{
"lang": "en",
"type": "finder",
"value": "Niklas Vogel"
}
],
"datePublic": "2023-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NLnet Labs\u0027 Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232: Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-240",
"description": "CWE-240: Improper Handling of Inconsistent Structural Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:36:54.043Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in 0.12.2 and all later versions."
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-19T18:00:00.000Z",
"value": "Issue reported by Haya Shulman"
},
{
"lang": "en",
"time": "2023-09-13T14:00:00.000Z",
"value": "Fixes released"
}
],
"title": "Crashes on parsing certain invalid RPKI objects"
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2023-39915",
"datePublished": "2023-09-13T14:20:59.967Z",
"dateReserved": "2023-08-07T11:55:17.843Z",
"dateUpdated": "2024-09-12T13:22:03.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20192 (GCVE-0-2025-20192)
Vulnerability from cvelistv5
Published
2025-05-07 17:36
Modified
2025-05-07 19:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-232 - Improper Handling of Undefined Values
Summary
A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability.
This vulnerability is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this vulnerability by sending crafted IKEv1 messages to the affected device. A successful exploit could allow the attacker to cause the device to reload.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Version: 3.13.0S Version: 3.13.1S Version: 3.13.2S Version: 3.13.3S Version: 3.13.4S Version: 3.13.5S Version: 3.13.6S Version: 3.13.7S Version: 3.13.6aS Version: 3.13.8S Version: 3.13.9S Version: 3.13.10S Version: 3.14.0S Version: 3.14.1S Version: 3.14.2S Version: 3.14.3S Version: 3.14.4S Version: 3.15.0S Version: 3.15.1S Version: 3.15.2S Version: 3.15.1cS Version: 3.15.3S Version: 3.15.4S Version: 3.16.0S Version: 3.16.1aS Version: 3.16.2S Version: 3.16.0cS Version: 3.16.3S Version: 3.16.4aS Version: 3.16.4bS Version: 3.16.5S Version: 3.16.4dS Version: 3.16.6S Version: 3.16.7S Version: 3.16.6bS Version: 3.16.7aS Version: 3.16.7bS Version: 3.16.8S Version: 3.16.9S Version: 3.16.10S Version: 3.17.0S Version: 3.17.1S Version: 3.17.2S Version: 3.17.3S Version: 3.17.4S Version: 16.2.1 Version: 16.2.2 Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.6 Version: 16.3.7 Version: 16.3.8 Version: 16.3.9 Version: 16.3.10 Version: 16.3.11 Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1b Version: 16.5.2 Version: 16.5.3 Version: 3.18.2aSP Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.6.4 Version: 16.6.5 Version: 16.6.6 Version: 16.6.7 Version: 16.6.8 Version: 16.6.9 Version: 16.6.10 Version: 16.7.1 Version: 16.7.2 Version: 16.7.3 Version: 16.8.1 Version: 16.8.1s Version: 16.8.2 Version: 16.8.3 Version: 16.9.1 Version: 16.9.2 Version: 16.9.1s Version: 16.9.3 Version: 16.9.4 Version: 16.9.5 Version: 16.9.6 Version: 16.9.7 Version: 16.9.8 Version: 16.10.1 Version: 16.10.1a Version: 16.10.1b Version: 16.10.1s Version: 16.10.1e Version: 16.10.2 Version: 16.10.3 Version: 16.11.1 Version: 16.11.1a Version: 16.11.2 Version: 16.11.1s Version: 16.12.1 Version: 16.12.1s Version: 16.12.1a Version: 16.12.1c Version: 16.12.2 Version: 16.12.3 Version: 16.12.8 Version: 16.12.2s Version: 16.12.4 Version: 16.12.3s Version: 16.12.5 Version: 16.12.6 Version: 16.12.7 Version: 17.1.1 Version: 17.1.1s Version: 17.1.1t Version: 17.1.3 Version: 17.2.1 Version: 17.2.1r Version: 17.2.1v Version: 17.2.2 Version: 17.2.3 Version: 17.3.1 Version: 17.3.2 Version: 17.3.3 Version: 17.3.1a Version: 17.3.4 Version: 17.3.5 Version: 17.3.4a Version: 17.3.6 Version: 17.3.7 Version: 17.3.8 Version: 17.3.8a Version: 17.4.1 Version: 17.4.2 Version: 17.4.1a Version: 17.4.1b Version: 17.5.1 Version: 17.5.1a Version: 17.6.1 Version: 17.6.2 Version: 17.6.1a Version: 17.6.3 Version: 17.6.1y Version: 17.6.3a Version: 17.6.4 Version: 17.6.5 Version: 17.6.6 Version: 17.6.6a Version: 17.6.5a Version: 17.6.7 Version: 17.6.8 Version: 17.6.8a Version: 17.7.1 Version: 17.7.1a Version: 17.7.2 Version: 17.10.1 Version: 17.10.1a Version: 17.8.1 Version: 17.8.1a Version: 17.9.1 Version: 17.9.2 Version: 17.9.1a Version: 17.9.3 Version: 17.9.2a Version: 17.9.3a Version: 17.9.4 Version: 17.9.5 Version: 17.9.4a Version: 17.9.5a Version: 17.9.5b Version: 17.9.5e Version: 17.9.5f Version: 17.11.1 Version: 17.11.1a Version: 17.12.1 Version: 17.12.1a Version: 17.12.2 Version: 17.12.3 Version: 17.12.2a Version: 17.12.3a Version: 17.13.1 Version: 17.13.1a Version: 17.14.1 Version: 17.14.1a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T18:56:00.580521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:43:26.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.16.9S"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.6"
},
{
"status": "affected",
"version": "16.3.7"
},
{
"status": "affected",
"version": "16.3.8"
},
{
"status": "affected",
"version": "16.3.9"
},
{
"status": "affected",
"version": "16.3.10"
},
{
"status": "affected",
"version": "16.3.11"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "16.5.3"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.6.7"
},
{
"status": "affected",
"version": "16.6.8"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.3"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.2"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.3"
},
{
"status": "affected",
"version": "16.9.4"
},
{
"status": "affected",
"version": "16.9.5"
},
{
"status": "affected",
"version": "16.9.6"
},
{
"status": "affected",
"version": "16.9.7"
},
{
"status": "affected",
"version": "16.9.8"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.10.1a"
},
{
"status": "affected",
"version": "16.10.1b"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.2"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "16.12.1c"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.6.7"
},
{
"status": "affected",
"version": "17.6.8"
},
{
"status": "affected",
"version": "17.6.8a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability.\r\n\r This vulnerability is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this vulnerability by sending crafted IKEv1 messages to the affected device. A successful exploit could allow the attacker to cause the device to reload."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "Improper Handling of Undefined Values",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T17:36:16.366Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxe-ikev1-dos-XHk3HzFC",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC"
}
],
"source": {
"advisory": "cisco-sa-iosxe-ikev1-dos-XHk3HzFC",
"defects": [
"CSCwi26594"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20192",
"datePublished": "2025-05-07T17:36:16.366Z",
"dateReserved": "2024-10-10T19:15:13.226Z",
"dateUpdated": "2025-05-07T19:43:26.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40775 (GCVE-0-2025-40775)
Vulnerability from cvelistv5
Published
2025-05-21 12:35
Modified
2025-05-23 13:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-232 - Improper Handling of Undefined Values
Summary
When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:19:58.662181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:20:18.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-23T13:11:08.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/21/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.8",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.7",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service. By sending specific messages to the server, an attacker can cause `named` to terminate unexpectedly."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232 Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T12:35:01.862Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-40775",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-40775"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.9 or 9.21.8."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DNS message with invalid TSIG causes an assertion failure",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-40775",
"datePublished": "2025-05-21T12:35:01.862Z",
"dateReserved": "2025-04-16T08:44:49.856Z",
"dateUpdated": "2025-05-23T13:11:08.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.