VYPR

Iptables

by Netfilter

CVEs (5)

  • CVE-2002-0704HigJul 26, 2002
    risk 0.49cvss 7.5epss 0.03

    The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

  • CVE-2019-11360Jul 12, 2019
    risk 0.00cvss epss 0.02

    A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.

  • CVE-2012-2663Feb 15, 2014
    risk 0.00cvss epss 0.03

    extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant.

  • CVE-2001-1387Nov 5, 2001
    risk 0.00cvss epss 0.00

    iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.

  • CVE-2001-1388Nov 5, 2001
    risk 0.00cvss epss 0.01

    iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.