Denial of Service (DoS)
Vulnerable module: scapy
Introduced through: scapy@2.4.0
Detailed paths
Introduced through: github/glb-director@github/glb-director#5e1edd0a0fe057320fc30f6ad850c9878c607882 › scapy@2.4.0
Remediation: Upgrade to scapy@2.4.1.
Overview
scapy is a Python-based interactive packet manipulation program and library.
Affected versions of this package are vulnerable to Denial of Service (DoS) due to a lack of input validation when reading the length field in the RADIUS packet’s Attribute Value Pairs (AVP). When Scapy parses a UDP RADIUS packet that has an AVP with a length byte equal to zero, the getfield function doesn’t shorten the remain value in the while loop, so the loop makes no progress through the packet.
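The following is an added example, not Scapy's code and not part of the original advisory: a simplified model of an AVP walk that trusts the length byte, next to one that validates it before slicing. The function names, the max_iter guard, and the sample byte strings are assumptions made for illustration.

```python
# Simplified model of walking RADIUS AVPs: 1-byte type, 1-byte length, value.
# The length byte counts the two header bytes too. Not Scapy's code.

class MalformedAVP(ValueError):
    """Raised when an AVP length byte cannot be honoured."""

def naive_walk(remain, max_iter=1000):
    """Trust the length byte, as a loop without validation would.

    Returns (avps, stalled). max_iter is a guard added for this example so
    the demonstration terminates; an unguarded loop would not.
    """
    avps = []
    for _ in range(max_iter):
        if len(remain) < 2:
            return avps, False
        length = remain[1]
        avps.append((remain[0], remain[2:length]))
        remain = remain[length:]  # length == 0 leaves remain unchanged
    return avps, True

def strict_walk(remain):
    """Validate each length byte before slicing, so every pass consumes data."""
    avps = []
    while remain:
        if len(remain) < 2:
            raise MalformedAVP("truncated AVP header")
        avp_type, length = remain[0], remain[1]
        if length < 2:
            raise MalformedAVP("AVP type %d: length %d is below the 2-byte header"
                               % (avp_type, length))
        if length > len(remain):
            raise MalformedAVP("AVP type %d: length %d exceeds remaining %d bytes"
                               % (avp_type, length, len(remain)))
        avps.append((avp_type, remain[2:length]))
        remain = remain[length:]
    return avps

# Constructed sample attribute blocks (not captured traffic).
GOOD = bytes([1, 6]) + b"user" + bytes([4, 6, 10, 0, 0, 1])
ZERO_LEN = bytes([1, 6]) + b"user" + bytes([26, 0, 0xAA, 0xBB])

if __name__ == "__main__":
    print(naive_walk(GOOD))
    print(naive_walk(ZERO_LEN, max_iter=50)[1])  # stalled flag
    try:
        strict_walk(ZERO_LEN)
    except MalformedAVP as exc:
        print("rejected:", exc)
```

Rejecting the whole attribute block on the first bad length byte keeps the parser from guessing where the next AVP starts.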