First published: Fri Jul 19 2019
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: `_RADIUSAttrPacketListField.getfield(self..)`. The attack vector is: over the network or in a pcap; both work.
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
pip/scapy | >=2.4-rc1, <2.4.1 | 2.4.1 |
Scapy Scapy | =2.4.0 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
The severity of CVE-2019-1010142 is high with a severity value of 7.5.
CVE-2019-1010142 is a denial of service vulnerability in scapy that causes an infinite loop and resource consumption, leaving the program unresponsive.
The affected component in CVE-2019-1010142 is `_RADIUSAttrPacketListField.getfield(self..)`.
CVE-2019-1010142 can be exploited over the network or in a pcap file.
To remediate CVE-2019-1010142, you need to upgrade scapy to version 2.4.1 or higher.