Tinc
by Tinc
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1428 | 0.01 | — | 0.61 | Apr 26, 2013 | Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet. | |||
| CVE-2018-16738 | 0.00 | — | 0.01 | Oct 10, 2018 | tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. | |||
| CVE-2018-16737 | 0.00 | — | 0.01 | Oct 10, 2018 | tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. | |||
| CVE-2018-16758 | 0.00 | — | 0.01 | Oct 10, 2018 | Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | |||
| CVE-2002-1755 | 0.00 | — | 0.01 | Dec 31, 2002 | tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. | |||
| CVE-2001-1505 | 0.00 | — | 0.01 | Dec 31, 2001 | tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. |
- CVE-2013-1428Apr 26, 2013risk 0.01cvss —epss 0.61
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.
- CVE-2018-16738Oct 10, 2018risk 0.00cvss —epss 0.01
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
- CVE-2018-16737Oct 10, 2018risk 0.00cvss —epss 0.01
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
- CVE-2018-16758Oct 10, 2018risk 0.00cvss —epss 0.01
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
- CVE-2002-1755Dec 31, 2002risk 0.00cvss —epss 0.01
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
- CVE-2001-1505Dec 31, 2001risk 0.00cvss —epss 0.01
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.