Tinc-Vpn Tinc vulnerabilities
4 known vulnerabilities affecting tinc-vpn/tinc.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2018-16758MEDIUMCVSS 5.9≤ 1.0.342018-10-10
CVE-2018-16758 [MEDIUM] CWE-306 CVE-2018-16758: Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
nvd
CVE-2018-16737MEDIUMCVSS 5.3fixed in 1.0.302018-10-10
CVE-2018-16737 [MEDIUM] CWE-287 CVE-2018-16737: tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
nvd
CVE-2018-16738LOWCVSS 3.7≥ 1.0.30, ≤ 1.0.342018-10-10
CVE-2018-16738 [LOW] CWE-287 CVE-2018-16738: tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigat
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
nvd
CVE-2013-1428MEDIUMCVSS 6.5PoC≤ 1.0.20≤ 1.1+4 more2013-04-26
CVE-2013-1428 [MEDIUM] CWE-119 CVE-2013-1428: Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.
nvd