CVE-2002-0666 — WAN vulnerability
2 documents, 2 sources
Severity
5.0 MEDIUM (NVD)
EPSS
0.7%
top 27.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 4
Latest update: May 3
Description
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 4 packages
Also affects: NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6; FreeBSD 4.6
Vulnerability Details
1 GHSA
GHSA-p32c-ffc2-42q3 (2022-05-03): IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers