You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Denial of Service (DoS)
Vulnerable module: scapy
Introduced through: [email protected]
Detailed paths
Introduced through: github/glb-director@github/glb-director#5e1edd0a0fe057320fc30f6ad850c9878c607882 › [email protected]
Remediation: Upgrade to [email protected].
Overview
scapy is a Python-based interactive packet manipulation program and library.
Affected versions of this package are vulnerable to Denial of Service (DoS) due to a lack of input validation when reading the length field in the RADIUS packet’s Attribute Value Pairs (AVP). When Scapy parses a UDP Radius packet that has an AVP with a length byte equal to zero, the getfield function doesn’t shorten the remain value in the while loop. This causes the loop to continue forever, causing Scapy to crash.
The text was updated successfully, but these errors were encountered:
Denial of Service (DoS)
Vulnerable module: scapy
Introduced through: [email protected]
Detailed paths
Introduced through: github/glb-director@github/glb-director#5e1edd0a0fe057320fc30f6ad850c9878c607882 › [email protected]
Remediation: Upgrade to [email protected].
Overview
scapy is a Python-based interactive packet manipulation program and library.
Affected versions of this package are vulnerable to Denial of Service (DoS) due to a lack of input validation when reading the length field in the RADIUS packet’s Attribute Value Pairs (AVP). When Scapy parses a UDP Radius packet that has an AVP with a length byte equal to zero, the getfield function doesn’t shorten the remain value in the while loop. This causes the loop to continue forever, causing Scapy to crash.
The text was updated successfully, but these errors were encountered: