CVE-2018-16738

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
tinc-vpntinc
1.0.30 ≤
𝑥
≤ 1.0.34
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tinc
bookworm
1.0.36-2
fixed
bullseye
1.0.36-2
fixed
jessie
not-affected
sid
1.0.36-2.1
fixed
trixie
1.0.36-2.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tinc
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
ignored
bionic
needed
xenial
needed
trusty
dne
Common Weakness Enumeration
References
http://tinc-vpn.org/security/
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
https://www.debian.org/security/2018/dsa-4312
https://www.starwindsoftware.com/security/sw-20190227-0002/
http://tinc-vpn.org/security/
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
https://www.debian.org/security/2018/dsa-4312
https://www.starwindsoftware.com/security/sw-20190227-0002/