CVE-2013-1428

Tinc < 1.0.20 - Memory Corruption

Description

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/35441
metasploit WORKING POC NORMAL
by Tobias Ospelt, Martin Schobert · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/vpn/tincd_bof.rb

Scores

EPSS 0.6552
EPSS Percentile 98.5%

Details

CWE
CWE-119
Status published
Products (6)
tinc-vpn/tinc 1.0.17
tinc-vpn/tinc 1.0.18
tinc-vpn/tinc 1.0.19
tinc-vpn/tinc 1.1 pre3 (3 CPE variants)
tinc-vpn/tinc < 1.0.20
tinc-vpn/tinc < 1.1
Published Apr 26, 2013
Tracked Since Feb 18, 2026