CVE-2013-1428

tinc < 1.0.21 and 1.1 < 1.1pre7 - Authenticated Stack-Based Buffer Overflow via Large TCP Packet

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-1428. PoCs published by Metasploit, Tobias Ospelt, Martin Schobert, including Metasploit module exploits/multi/vpn/tincd_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Tinc's tincd service (CVE-2013-1428) to achieve remote code execution. It supports multiple platforms and includes ROP-based exploitation for systems with NX/ASLR protections.

Description

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/35441

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Tinc's tincd service (CVE-2013-1428) to achieve remote code execution. It supports multiple platforms and includes ROP-based exploitation for systems with NX/ASLR protections.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Tinc tincd <= 1.1pre6

Auth required

Prerequisites: Authenticated access to tincd service · Network access to TCP port 655

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Tobias Ospelt, Martin Schobert · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/vpn/tincd_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Tinc's tincd service (CVE-2013-1428) via a crafted TCP packet post-authentication, allowing arbitrary code execution. It includes ROP chains for various platforms and handles ASLR brute-forcing for ARM targets.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Tinc tincd <= 1.1pre6

Auth required

Prerequisites: Authenticated access to tincd service · Network access to TCP port 655

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Patch x_refsource_confirm

https://github.com/gsliepen/tinc/commit/17a33dfd95b1a29e90db76414eb9622df9632320

View Patch ZIP pw:eip

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105559.html

Vendor Advisory mailing-list x_refsource_mlist

http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106167.html

Various Sources x_refsource_confirm

http://www.tinc-vpn.org/news/

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/92653

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/53087

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/53108

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2013/dsa-2663

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/59369

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105531.html

Release Notes x_refsource_misc

http://freecode.com/projects/tinc/releases/354122

Scores

EPSS 0.6068

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (6)

tinc-vpn/tinc 1.0.17

tinc-vpn/tinc 1.0.18

tinc-vpn/tinc 1.0.19

tinc-vpn/tinc 1.1 pre3 (3 CPE variants)

tinc-vpn/tinc < 1.0.20

tinc-vpn/tinc < 1.1

Published Apr 26, 2013

Tracked Since Feb 18, 2026