Vulnerability Description
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scapy | Scapy | 2.4.0 |
| Fedoraproject | Fedora | 29 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106674Broken LinkThird Party AdvisoryVDB Entry
- https://github.com/secdev/scapy/pull/1409PatchThird Party Advisory
- https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc631PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-dExploitPatchThird Party Advisory
- http://www.securityfocus.com/bid/106674Broken LinkThird Party AdvisoryVDB Entry
- https://github.com/secdev/scapy/pull/1409PatchThird Party Advisory
- https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc631PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-dExploitPatchThird Party Advisory
FAQ
What is CVE-2019-1010142?
CVE-2019-1010142 is a vulnerability with a CVSS score of 7.5 (HIGH). scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack ve...
How severe is CVE-2019-1010142?
CVE-2019-1010142 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1010142?
Check the references section above for vendor advisories and patch information. Affected products include: Scapy Scapy, Fedoraproject Fedora.