The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.
References
Link | Resource |
---|---|
https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/ | Issue Tracking Third Party Advisory |
https://hackerone.com/reports/291489 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-12-05T09:00:00
Updated: 2017-12-06T18:57:01
Reserved: 2017-11-29T00:00:00
Link: CVE-2017-17066
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-12-05T09:29:00.337
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-17066
JSON object: View
Redhat Information
No data.
CWE