CVE-2013-0342 – pyrad

Package

Manager: pip
Name: pyrad
Vulnerable Version: >=0 <2.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0129 pctl0.78886

Details

pyrad uses sequential packet IDs The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.

Metadata

Created: 2022-05-05T00:29:09Z
Modified: 2024-10-24T21:51:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w4px-9pgm-p2f3/GHSA-w4px-9pgm-p2f3.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-w4px-9pgm-p2f3
Finding: F184
Auto approve: 1