Crash in UDP proxy when datagram size is > 1500

High
mattklein123 published GHSA-282m-p723-vvxf Dec 17, 2020

Package

No package listed

Affected versions

1.16.0, 1.15.2, 1.14.5 and 1.13.6 and earlier

Patched versions

1.16.1, 1.15.3, 1.14.6 and 1.13.7

Description

Vulnerability type

NULL Pointer Dereference

Attack type

Remote

Impact

Denial of Service, crash.

Description

Crash in UDP proxy when datagram size is > 1500. This can happen if either MTU > 1500 or if fragmented datagrams are forwarded and reassembled.
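
To check whether a UDP listener actually sees datagrams in this size range, the following added example (not code from the advisory or the project) computes reassembled UDP datagram sizes from captured IPv4 packets and reports those over 1500. It assumes "datagram size" means UDP payload bytes; the addresses, IP IDs and packets are constructed sample data.

```python
import struct
from collections import defaultdict

LIMIT = 1500  # threshold from the advisory, taken here as UDP payload bytes (assumption)
UDP_HEADER = 8

def ipv4_udp(ident, frag_off, more, ip_payload_len):
    """Constructed sample packet: IPv4 header plus zero-filled payload."""
    flags_off = (0x2000 if more else 0) | (frag_off // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ip_payload_len, ident,
                         flags_off, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + bytes(ip_payload_len)

def oversized_udp_datagrams(packets, limit=LIMIT):
    """Map (src, dst, ip_id) -> UDP payload size for datagrams larger than limit."""
    end = defaultdict(int)   # highest IP payload byte seen per datagram
    finished = set()         # datagrams whose final fragment (MF=0) was seen
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue         # not IPv4/UDP
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
        if total_len < ihl:
            continue         # malformed length field
        key = (pkt[12:16], pkt[16:20], ident)
        offset = (flags_off & 0x1FFF) * 8
        end[key] = max(end[key], offset + total_len - ihl)
        if not flags_off & 0x2000:
            finished.add(key)
    sizes = {k: end[k] - UDP_HEADER for k in finished}
    return {k: v for k, v in sizes.items() if v > limit}

# Constructed capture: each fragment fits a 1500-byte MTU, yet datagram 0x1234
# reassembles to 2000 payload bytes; 0x2222 is small; 0x3333 arrives whole on a
# jumbo-frame link.
SAMPLE = [
    ipv4_udp(0x1234, 0, True, 1480),
    ipv4_udp(0x1234, 1480, False, 528),
    ipv4_udp(0x2222, 0, False, 508),
    ipv4_udp(0x3333, 0, False, 4008),
]

if __name__ == "__main__":
    for (src, dst, ident), size in oversized_udp_datagrams(SAMPLE).items():
        print(f"id=0x{ident:04x} {'.'.join(map(str, src))} -> {'.'.join(map(str, dst))}: {size} bytes")
```

Datagrams whose final fragment is missing from the capture are not reported, since their full size is unknown.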

References

#14113
#14122

Credit

Zhongxian Pan, Tencent

Severity

High

CVE ID

CVE-2020-35471

Weaknesses

No CWEs