CVE-2020-27638 — HIGH (7.5)

Q: What is CVE-2020-27638?

CVE-2020-27638 is a vulnerability with a CVSS score of 7.5 (HIGH). receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

Q: How severe is CVE-2020-27638?

CVE-2020-27638 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-27638?

Check the references section above for vendor advisories and patch information. Affected products include: Fastd Project Fastd, Debian Debian Linux, Fedoraproject Fedora.

Vulnerability Description

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fastd Project	Fastd	< 21.0
Debian	Debian Linux	9.0
Fedoraproject	Fedora	31

Related Weaknesses (CWE)

CWE-617

References

https://bugs.debian.org/972521Issue TrackingThird Party Advisory
https://fastd.readthedocs.io/en/stable/releases/v21.htmlBroken LinkRelease NotesThird Party Advisory
https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00025.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://bugs.debian.org/972521Issue TrackingThird Party Advisory
https://fastd.readthedocs.io/en/stable/releases/v21.htmlBroken LinkRelease NotesThird Party Advisory
https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00025.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2020-27638?

CVE-2020-27638 is a vulnerability with a CVSS score of 7.5 (HIGH). receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

How severe is CVE-2020-27638?

CVE-2020-27638 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27638?

Check the references section above for vendor advisories and patch information. Affected products include: Fastd Project Fastd, Debian Debian Linux, Fedoraproject Fedora.