CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS
Percentile: 90.3%

Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause
a denial of service (daemon crash) via packets containing options with
large lengths, which trigger attempts at excessive memory allocation, as
demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the
(2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5)
TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7)
TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9)
TSrvIfaceMgr::decodeRelayForw methods.
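
The class of check that prevents this failure mode, shown as an added example that is not Dibbler's code: a DHCPv6 option walk (2-byte code, 2-byte length, then data) that compares each declared length against the bytes actually remaining before it allocates anything. The names `Option`, `ParseResult` and `parseOptions` and the sample byte strings are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

struct Option {
    uint16_t code;
    std::vector<uint8_t> data;
};

enum class ParseResult { Ok, TruncatedHeader, LengthExceedsBuffer };

// Walks the option area of a message: each option is a 2-byte code, a 2-byte
// length and `length` bytes of data, all in network byte order.
ParseResult parseOptions(const uint8_t* buf, size_t len, std::vector<Option>& out) {
    size_t pos = 0;
    while (pos < len) {
        // Compare against the bytes remaining (len - pos), never against
        // pos + n, so the arithmetic itself cannot wrap.
        if (len - pos < 4) return ParseResult::TruncatedHeader;
        uint16_t code   = static_cast<uint16_t>((buf[pos] << 8) | buf[pos + 1]);
        uint16_t optLen = static_cast<uint16_t>((buf[pos + 2] << 8) | buf[pos + 3]);
        pos += 4;
        // Reject before allocating: the declared length comes from the sender.
        if (optLen > len - pos) return ParseResult::LengthExceedsBuffer;
        out.push_back(Option{code, std::vector<uint8_t>(buf + pos, buf + pos + optLen)});
        pos += optLen;
    }
    return ParseResult::Ok;
}

// Constructed sample inputs.
// Well-formed: option 1 with 2 data bytes, then option 6 with 2 data bytes.
static const uint8_t kGood[] = {0x00, 0x01, 0x00, 0x02, 0xAA, 0xBB,
                                0x00, 0x06, 0x00, 0x02, 0x00, 0x17};
// Malformed: option 6 declares 0xFFFF data bytes but only 2 follow.
static const uint8_t kBad[]  = {0x00, 0x06, 0xFF, 0xFF, 0x00, 0x17};

int main() {
    std::vector<Option> opts, none;
    bool ok = parseOptions(kGood, sizeof kGood, opts) == ParseResult::Ok
              && opts.size() == 2;
    bool rejected = parseOptions(kBad, sizeof kBad, none)
                    == ParseResult::LengthExceedsBuffer;
    return (ok && rejected) ? 0 : 1;
}
```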