CVE-2023-36325

{"id": "CVE-2023-36325", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2024-10-09T06:15:11.303", "references": [{"url": "https://geti2p.net/en/blog/post/2023/06/25/new_release_2.3.0", "source": "cve@mitre.org"}, {"url": "https://i2pgit.org/i2p-hackers/i2p.i2p/-/commit/82aa4e19fbb37ca1bd752ec1b836120beec0985f", "source": "cve@mitre.org"}, {"url": "https://xeiaso.net/blog/CVE-2023-36325", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete."}, {"lang": "es", "value": "i2p anterior a la versi\u00f3n 2.3.0 (Java) permite desanonimizar las direcciones IPv4 e IPv6 p\u00fablicas de los servicios ocultos de i2p (tambi\u00e9n conocidos como eepsites) mediante un ataque de correlaci\u00f3n entre las direcciones IPv4 e IPv6 que se produce cuando un mensaje tunelizado y reproducido tiene una discrepancia de comportamiento (puede descartarse o puede dar como resultado una respuesta de destino incorrecto). Un ataque tardar\u00eda d\u00edas en completarse."}], "lastModified": "2024-11-04T22:35:00.740", "sourceIdentifier": "cve@mitre.org"}