VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops | allinfosecnews.com

March 19, 2024, 7:49 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview

A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.

Description

The User Datagram Protocol (UDP) is a simple, connectionless protocol that is still commonly used in many internet-based applications. UDP has a limited packet-verification capability and is susceptible to IP spoofing. Security researchers …

abuse application applications attacker can dns dos implementation loop network novel ntp packets protocol protocols resources service traffic udp unauthenticated vulnerability vulnerable

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 2 weeks, 4 days ago | kb.cert.org

abuse access attacker baseboard management controller +17

VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 2 weeks, 5 days ago | kb.cert.org

arbitrary code arbitrary code execution attacker can +15

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 month ago | kb.cert.org

application arbitrary code attacker attackers +14

VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 month, 1 week ago | kb.cert.org

arbitrary code attackers cases code +15

VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month, 1 week ago | kb.cert.org

architectures attacker attacks bhi +20

VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month, 2 weeks ago | kb.cert.org

attacks can dos fragments +6

VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 4 weeks ago | kb.cert.org

abuse application applications attacker +18

VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 2 months ago | kb.cert.org

architectures attacker can conditions +13

VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months, 1 week ago | kb.cert.org

app attacks bluetooth called +11

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com