CVE-2013-1428

Priority
Description
Stack-based buffer overflow in the receive_tcppacket function in
net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote
authenticated peers to cause a denial of service (crash) or possibly
execute arbitrary code via a large TCP packet.
Notes
Package
Source: tinc (LP Ubuntu Debian)
Upstream: released (1.0.19-3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [1.0.23-2])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.0.23-2)
Patches:
Vendor: http://www.debian.org/security/2013/dsa-2663
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector
More Information

Updated: 2019-12-05 21:03:01 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)