CVE-2019-1010142 : scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, res

scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work.

Published 2019-07-19 16:15:12

Updated 2023-03-01 16:39:15

Source DWF

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2019-1010142

Fedoraproject » Fedora » Version: 29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions
Scapy » Scapy » Version: 2.4.0
cpe:2.3:a:scapy:scapy:2.4.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-1010142

EPSS FAQ

1.93%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-1010142

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-1010142

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-1010142

https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/

Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attack CVE pending | Imperva
Exploit;Patch;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN/

[SECURITY] Fedora 30 Update: scapy-2.4.3-1.fc30 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058

Remove useless _RADIUSAttrPacketListField class by p-l- · Pull Request #1409 · secdev/scapy · GitHub
Patch;Third Party Advisory
https://github.com/secdev/scapy/pull/1409

Remove useless _RADIUSAttrPacketListField class by p-l- · Pull Request #1409 · secdev/scapy · GitHub
Patch;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E/

[SECURITY] Fedora 29 Update: scapy-2.4.3-2.fc29 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
http://www.securityfocus.com/bid/106674

Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability
Broken Link;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2019-1010142

Products affected by CVE-2019-1010142

Exploit prediction scoring system (EPSS) score for CVE-2019-1010142

CVSS scores for CVE-2019-1010142

CWE ids for CVE-2019-1010142

References for CVE-2019-1010142