Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ElementalX by flar2

    CVE-2018-25062 (GCVE-0-2018-25062)

    Vulnerability from nvd – Published: 2023-01-01 08:15 – Updated: 2024-08-05 12:26
    VLAI
    Title
    flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service
    Summary
    A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.217152 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.217152 signaturepermissions-required
    https://github.com/flar2/ElementalX-N9/commit/1df… patch
    Impacted products
    Vendor Product Version
    flar2 ElementalX Affected: 6.x
    Create a notification for this product.
    Credits
    Mohamed Ghannam VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-18T18:22:58.558207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-18T18:23:05.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:26:39.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.217152"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.217152"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "ipsec"
              ],
              "product": "ElementalX",
              "vendor": "flar2",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.x"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohamed Ghannam"
            },
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in flar2 ElementalX bis 6.x f\u00fcr Nexus 9 entdeckt. Es geht dabei um die Funktion xfrm_dump_policy_done der Datei net/xfrm/xfrm_user.c der Komponente ipsec. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 7.00 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1df72c9f0f61304437f4f1037df03b5fb36d5a79 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.3,
                "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T12:14:06.877Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.217152"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.217152"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-01-26T15:42:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2018-25062",
        "datePublished": "2023-01-01T08:15:00.640Z",
        "dateReserved": "2023-01-01T08:13:18.047Z",
        "dateUpdated": "2024-08-05T12:26:39.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-25062 (GCVE-0-2018-25062)

    Vulnerability from cvelistv5 – Published: 2023-01-01 08:15 – Updated: 2024-08-05 12:26
    VLAI
    Title
    flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service
    Summary
    A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.217152 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.217152 signaturepermissions-required
    https://github.com/flar2/ElementalX-N9/commit/1df… patch
    Impacted products
    Vendor Product Version
    flar2 ElementalX Affected: 6.x
    Create a notification for this product.
    Credits
    Mohamed Ghannam VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-18T18:22:58.558207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-18T18:23:05.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:26:39.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.217152"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.217152"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "ipsec"
              ],
              "product": "ElementalX",
              "vendor": "flar2",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.x"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohamed Ghannam"
            },
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in flar2 ElementalX bis 6.x f\u00fcr Nexus 9 entdeckt. Es geht dabei um die Funktion xfrm_dump_policy_done der Datei net/xfrm/xfrm_user.c der Komponente ipsec. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 7.00 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1df72c9f0f61304437f4f1037df03b5fb36d5a79 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.3,
                "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T12:14:06.877Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.217152"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.217152"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-01-26T15:42:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2018-25062",
        "datePublished": "2023-01-01T08:15:00.640Z",
        "dateReserved": "2023-01-01T08:13:18.047Z",
        "dateUpdated": "2024-08-05T12:26:39.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }