Nixpkgs security tracker
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
-
VDB-360804 | MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds vdb-entrytechnical-description
-
-
Submit #798623 | MikroTik RouterOS 6.49.8 Out-of-Bounds Read third-party-advisory
-
Affected products
- ==6.49.8
Matching in nixpkgs
pkgs.terraform-providers.routeros
None
pkgs.python312Packages.librouteros
Python implementation of the MikroTik RouterOS API
pkgs.python313Packages.librouteros
Python implementation of the MikroTik RouterOS API
pkgs.python314Packages.librouteros
Python implementation of the MikroTik RouterOS API
pkgs.python312Packages.routeros-api
Python API to RouterBoard devices produced by MikroTik
pkgs.python313Packages.routeros-api
Python API to RouterBoard devices produced by MikroTik
pkgs.python314Packages.routeros-api
Python API to RouterBoard devices produced by MikroTik
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@quentinmit Quentin Smith <quentin@mit.edu>