CVE-2017-17066
Last modified
CVE-2017-17066 is a vulnerability of currently unknown severity. The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.. EPSS estimates a 2.22% chance of exploitation in the next 30 days.
Description
The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Getkovri | Kovri | All versions |
| I2pd | I2pd | <= 2.16.0 |
References
- https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/Issue Tracking, Third Party Advisory
- https://hackerone.com/reports/291489Issue Tracking, Third Party Advisory
- https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/Issue Tracking, Third Party Advisory
- https://hackerone.com/reports/291489Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-17066?
How severe is CVE-2017-17066?
How do I fix CVE-2017-17066?
Are you affected by CVE-2017-17066?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST