Main Vulnerability Database Vulnerabilities #VU87725

#VU87725 Resource management error in UDP - CVE-2024-2169

Published: March 22, 2024 / Updated: April 5, 2024

Vulnerability identifier: #VU87725

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2024-2169

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
UDP

Software vendor:
IETF

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the UDP implementation. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.

Remediation

This vulnerability is considered as patched since there is a way to protect your systems against this time of attack.

Network providers should deploy available anti-spoofing techniques (BCP38) such as Unicast Reverse Path Forwarding (uRPF) to prevent IP spoofing in protecting their internet-facing resources against spoofing and abuse.

External links

https://kb.cert.org/vuls/id/417980