CVE-2012-4435

Published: Oct 22, 2012Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address.

Affected (3)

Products: Cipherdyne: Fwknop

Cipherdyne

1 product

Fwknop

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cipherdyne Fwknop	Up to 2.0.2
Cipherdyne Fwknop	Version 2.0.1
Cipherdyne Fwknop	Version 2.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://www.cipherdyne.org/blog/2012/09/software-release-fwknop-2.0.3.html

Source: secalert@redhat.com

Vendor Advisory

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git%3Ba=commitdiff%3Bh=263fa01f2af1d336961df320f1c7a9ea84ddac9a

Source: secalert@redhat.com

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git%3Ba=commitdiff%3Bh=f4c16bc47fc24a96b63105556b62d61c1ba7d799

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/19/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/20/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/20/4

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/79568

Source: secalert@redhat.com

http://www.cipherdyne.org/blog/2012/09/software-release-fwknop-2.0.3.html