DEBIAN-CVE-2025-24356
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-24356
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-24356.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-24356
- Upstream
- Published
- 2025-01-27T18:15:41.347Z
- Modified
- 2025-11-17T04:32:16.936872Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.
- References
Affected packages
Debian:11 / fastd
Package
- Name
- fastd
- Purl
- pkg:deb/debian/fastd?arch=source
Debian:12 / fastd
Package
- Name
- fastd
- Purl
- pkg:deb/debian/fastd?arch=source
Debian:13 / fastd
Package
- Name
- fastd
- Purl
- pkg:deb/debian/fastd?arch=source
Debian:14 / fastd
Package
- Name
- fastd
- Purl
- pkg:deb/debian/fastd?arch=source