Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability

Scapy is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Information

Bugtraq ID: 106674
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2019-1010142

Remote: Yes
Local: No
Published: Jan 08 2019 12:00AM
Updated: Jul 23 2019 08:00AM
Credit: Johnathan Azaria and Koby Kilimnik.
Vulnerable: Scapy Scapy 2.4
python scapy-http 1.8
python pysap 0.1.8
python pyersinia 1.0.5
python ooniprobe 1.3.2
python mim 0.2.43
python jldcmds 0.3
python IcmpTool 0.1.8

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Remove useless _RADIUSAttrPacketListField class (Scapy)
Scapy Home Page (Scapy)
Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attac (Imperva)

Source: www.securityfocus.com

Exploit Collector

Search Exploit