CVE-2013-1428

Severity CVSS v4.0:
Pending analysis
Type:
CWE-119 Buffer Errors
Publication date:
26/04/2013
Last modified:
11/04/2025

Description

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:tinc-vpn:tinc:*:*:*:*:*:*:*:* 1.0.20 (including)
cpe:2.3:a:tinc-vpn:tinc:*:pre6:*:*:*:*:*:* 1.1 (including)
cpe:2.3:a:tinc-vpn:tinc:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:tinc-vpn:tinc:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:tinc-vpn:tinc:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:tinc-vpn:tinc:1.1:pre3:*:*:*:*:*:*
cpe:2.3:a:tinc-vpn:tinc:1.1:pre4:*:*:*:*:*:*
cpe:2.3:a:tinc-vpn:tinc:1.1:pre5:*:*:*:*:*:*