VYPR
High severity · 7.5 · NVD Advisory · Published Dec 5, 2017 · Updated May 13, 2026

CVE-2017-17066

Description

A buffer over-read in i2pd (<2.17) and kovri (pre-alpha) I2P implementations allows remote attackers to leak process memory via crafted Garlic DeliveryTypeTunnel packets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability resides in the handling of Garlic DeliveryTypeTunnel packets in the C++ I2P implementations i2pd (before version 2.17) and kovri (pre-alpha). After a garlic message is decrypted, the router walks the inner cloves and dispatches on each clove's delivery type; for the tunnel delivery type the clove's fields are read without sufficient checking against the actual length of the decrypted data, so a crafted clove makes the parser read past the end of its buffer. The issue is a logic flaw comparable to Heartbleed, located in the HandleGarlicPayload function [1].

Exploitation

No authentication is required and the attacker can be fully remote. By sending specially crafted Garlic DeliveryTypeTunnel packets, the attacker triggers the over-read: the router reads beyond the intended buffer and the adjacent memory contents are returned in subsequent protocol exchanges. The attack requires neither user interaction nor a privileged network position [1].
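To make the mechanism described under Vulnerability and Exploitation concrete, the following is an added example in C++ (the language of i2pd and kovri). It is illustrative code written for this page, not i2pd's or kovri's HandleGarlicPayload; the clove layout, the field offsets, the inner header format and the function names are assumptions. It parses a DeliveryTypeTunnel clove twice, once trusting the length the packet itself declares and once checking every read against the decrypted length, and simulates what would be forwarded to the tunnel gateway when the packet lies about its size.

```cpp
// Added illustrative example for CVE-2017-17066 (not i2pd's or kovri's code).
// Assumed clove layout: 1 flags byte (delivery type in bits 6-5), 32-byte
// tunnel gateway hash, 4-byte big-endian tunnel ID, then an inner message with
// an assumed 4-byte header carrying a 2-byte big-endian payload length at offset 2.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

constexpr uint8_t kDeliveryTypeTunnel = 0x03;      // assumed encoding of the delivery type bits
constexpr size_t kHashLen = 32;
constexpr size_t kInstrLen = 1 + kHashLen + 4;      // 37 bytes of delivery instructions
constexpr size_t kInnerHdrLen = 4;                  // assumed inner header size
constexpr size_t kLenFieldOff = 2;                  // assumed offset of the length field

struct TunnelClove {
    uint32_t tunnelId = 0;
    std::vector<uint8_t> gateway;
    std::vector<uint8_t> message;   // bytes the router would forward to the gateway
};

static uint16_t be16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}
static uint8_t deliveryType(const uint8_t* buf) { return (buf[0] >> 5) & 0x03; }

// Vulnerable pattern: `len` (the real size of the decrypted clove) is never
// consulted. The instruction fields are read blindly and the inner message is
// copied using the length the packet itself declares, so a clove shorter than
// its own length field makes the copy run past the buffer.
TunnelClove parseTunnelCloveUnchecked(const uint8_t* buf, size_t len) {
    (void)len;                                      // ignored: this is the bug
    TunnelClove c;
    c.gateway.assign(buf + 1, buf + 1 + kHashLen);
    c.tunnelId = be32(buf + 1 + kHashLen);
    const uint8_t* inner = buf + kInstrLen;
    size_t innerLen = kInnerHdrLen + be16(inner + kLenFieldOff);
    c.message.assign(inner, inner + innerLen);      // over-read if innerLen > len - kInstrLen
    return c;
}

// Hardened version: the clove must be long enough for every field before it is
// read, and the declared inner length must fit inside the clove. Returns false
// and leaves `out` untouched on any malformed input.
bool parseTunnelCloveChecked(const uint8_t* buf, size_t len, TunnelClove& out) {
    if (len < kInstrLen + kInnerHdrLen) return false;          // too short for instructions + header
    if (deliveryType(buf) != kDeliveryTypeTunnel) return false;
    const uint8_t* inner = buf + kInstrLen;
    size_t innerLen = kInnerHdrLen + be16(inner + kLenFieldOff);
    if (innerLen > len - kInstrLen) return false;              // packet lies about its size
    out.gateway.assign(buf + 1, buf + 1 + kHashLen);
    out.tunnelId = be32(buf + 1 + kHashLen);
    out.message.assign(inner, inner + innerLen);
    return true;
}

// Constructed test input (not a real capture): a tunnel clove whose inner
// length field claims `declared` payload bytes while only `actual` are present.
std::vector<uint8_t> makeTunnelClove(uint16_t declared, size_t actual) {
    std::vector<uint8_t> v(kInstrLen + kInnerHdrLen + actual, 0);
    v[0] = uint8_t(kDeliveryTypeTunnel << 5);
    for (size_t i = 0; i < kHashLen; ++i) v[1 + i] = uint8_t(0xA0 + i);   // dummy gateway hash
    v[33] = 0x00; v[34] = 0x00; v[35] = 0x10; v[36] = 0x01;               // tunnel ID 0x1001
    uint8_t* inner = v.data() + kInstrLen;
    inner[kLenFieldOff] = uint8_t(declared >> 8);
    inner[kLenFieldOff + 1] = uint8_t(declared & 0xFF);
    for (size_t i = 0; i < actual; ++i) inner[kInnerHdrLen + i] = 'A';
    return v;
}

// Simulated router memory: the received clove immediately followed by `secret`
// (standing in for whatever happens to sit after the buffer). Returns the bytes
// beyond the real clove that the unchecked parser would forward to the gateway,
// i.e. what the attacker gets back. The simulated memory is sized so the copy
// stays inside it; a declared length larger than that is refused here.
std::string leakedBytes(uint16_t declared, size_t actual, const std::string& secret) {
    std::vector<uint8_t> mem = makeTunnelClove(declared, actual);
    const size_t cloveLen = mem.size();
    mem.insert(mem.end(), secret.begin(), secret.end());
    if (kInstrLen + kInnerHdrLen + declared > mem.size()) return "";
    TunnelClove c = parseTunnelCloveUnchecked(mem.data(), cloveLen);
    const size_t forwarded = kInstrLen + c.message.size();
    if (forwarded <= cloveLen) return "";
    const size_t over = forwarded - cloveLen;
    return std::string(c.message.end() - static_cast<std::ptrdiff_t>(over), c.message.end());
}
```

The single comparison that matters is the one between the length the packet declares and the length the router actually decrypted; without it, the attacker chooses how many bytes past the clove are copied into the outgoing tunnel message, which is the Heartbleed pattern the advisory refers to.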

Impact

Successful exploitation leaks sensitive information from the router's process memory, potentially including cryptographic keys, router identities, and other confidential data; what is actually recoverable depends on what happens to sit next to the parsing buffer when the crafted packet arrives. This compromises the confidentiality of the I2P node and potentially the anonymity of its users. As with Heartbleed, the result is an unauthenticated, remote information disclosure, rated high severity [1].

Mitigation

i2pd users should upgrade to version 2.17 or later, which contains the fix. Kovri is pre-alpha and no specific fixed version is mentioned; users should update to the latest development snapshot. No workaround other than patching is known [1].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • getkovri/kovri (2 versions)
    • cpe:2.3:a:getkovri:kovri:-:*:*:*:*:*:*:*
    • (no CPE)

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (2)

News mentions (0)

No linked articles in our index yet.