GHSA-hqmp-g7ph-x543 – quincy

Package

Manager: cargo
Name: quincy
Vulnerable Version: >=0 <=0.13.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

TunnelVision - decloaking VPNs using DHCP A new decloaking technique for nearly all VPN implementations has been found, which allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. This allows attackers to redirect traffic, which is supposed to be sent encrypted over the VPN, through the physical interface handling DHCP for the network the victim's computer is connected to, effectively bypassing the VPN connection. ### Impact All users are potentially affected, as this attack vector can be used against _any_ VPN implementation without mitigations in place. ### Patches Currently, there are no existing mitigations employed by Quincy. ### Workarounds Disabling DHCP option 121 in the DHCP client is a potential workaround, as it prevents this kind of attack. ### References https://www.leviathansecurity.com/blog/tunnelvision

Metadata

Created: 2024-12-27T18:12:47Z
Modified: 2025-05-19T20:43:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-hqmp-g7ph-x543/GHSA-hqmp-g7ph-x543.json
CWE IDs: ["CWE-200"]
Alternative ID: N/A
Finding: F308
Auto approve: 1