CVE-2019-1010142 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Affected Products (NVD)

Vendor	Product	Version
scapy	scapy	2.4.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

scapy

bookworm	2.5.0+dfsg-2 fixed
bullseye	2.4.4-4 fixed
buster	no-dsa
jessie	not-affected
sid	2.6.0+dfsg-2 fixed
stretch	not-affected
trixie	2.6.0+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

scapy

bionic	not-affected
disco	not-affected
trusty	dne
xenial	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

http://www.securityfocus.com/bid/106674

https://github.com/secdev/scapy/pull/1409

https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN/

https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/

http://www.securityfocus.com/bid/106674

https://github.com/secdev/scapy/pull/1409

https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN/

https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/