CVE-2013-1428
Description
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:tinc-vpn:tinc:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:tinc-vpn:tinc:*:*:*:*:*:*:*:*range: <=1.0.20
- cpe:2.3:a:tinc-vpn:tinc:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:tinc-vpn:tinc:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:tinc-vpn:tinc:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:tinc-vpn:tinc:1.1:pre3:*:*:*:*:*:*
- cpe:2.3:a:tinc-vpn:tinc:1.1:pre4:*:*:*:*:*:*
- cpe:2.3:a:tinc-vpn:tinc:1.1:pre5:*:*:*:*:*:*
- cpe:2.3:a:tinc-vpn:tinc:*:pre6:*:*:*:*:*:*range: <=1.1
Patches
Vulnerability mechanics
Root cause
"A stack-based buffer overflow occurs in the receive_tcppacket function when handling large TCP packets."
Attack vector
A remote authenticated peer can send a large TCP packet to the vulnerable `tincd` service. This oversized packet triggers a buffer overflow in the `receive_tcppacket` function within `net_packet.c`. The overflow can lead to a denial of service by crashing the service, or potentially allow for arbitrary code execution [ref_id=1].
Affected code
The vulnerability resides in the `receive_tcppacket` function located in the `net_packet.c` file. This function is responsible for handling incoming TCP packets. The overflow occurs due to insufficient bounds checking when processing these packets.
What the fix does
The patch, identified by [patch_id=880], addresses the stack-based buffer overflow vulnerability. While the specific code changes are not detailed in the provided information, the fix is intended to properly validate the size of incoming TCP packets before they are processed, preventing the overflow condition in the `receive_tcppacket` function. This ensures that data is not written beyond the allocated buffer boundaries.
Preconditions
- authThe attacker must be an authenticated peer to the `tincd` service.
- networkThe attacker must be able to send network packets to the `tincd` service.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
12- secunia.com/advisories/53087nvdVendor Advisory
- secunia.com/advisories/53108nvdVendor Advisory
- www.tinc-vpn.org/pipermail/tinc/2013-April/003240.htmlnvdVendor Advisory
- freecode.com/projects/tinc/releases/354122nvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105531.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105559.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/106167.htmlnvd
- osvdb.org/92653nvd
- www.debian.org/security/2013/dsa-2663nvd
- www.securityfocus.com/bid/59369nvd
- www.tinc-vpn.org/news/nvd
- github.com/gsliepen/tinc/commit/17a33dfd95b1a29e90db76414eb9622df9632320nvd
News mentions
0No linked articles in our index yet.