Improper input validation in Litech Router_advertisement_daemon

CVE-2011-3605

The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.005 (66.9th percentile) — read the EPSS interpretation.

Affected products

Litech Router_advertisement_daemon
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[oss-security] 20111007 radvd 1.8.2 released with security fixes (mailing-list, x_refsource_MLIST)
DSA-2323 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
USN-1257-1 (x_refsource_UBUNTU, vendor-advisory)