Jump to:

CVE-2017-17066

Jump to:

CVE-2017-17066

Package i2pd updated to version 2.18.0-alt1 for branch sisyphus in task 199917.

Published: 2017-12-05
Modified: 2024-11-21

CVE-2017-17066

The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/
https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/
https://hackerone.com/reports/291489
https://hackerone.com/reports/291489

Version: 2.1.0

Package i2pd update in sisyphus on 2024-04-05

ALT-PU-2018-3675-1

Closed vulnerabilities

CVE-2017-17066