i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete.
History
Mon, 04 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-203 | |
Metrics | cvssV3_1 | |
Wed, 09 Oct 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Wed, 09 Oct 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-09T00:00:00
Updated: 2024-11-04T21:26:16.946Z
Reserved: 2023-06-21T00:00:00
Link: CVE-2023-36325
Vulnrichment
Updated: 2024-10-09T21:16:55.862Z
NVD
Status: Awaiting Analysis
Published: 2024-10-09T06:15:11.303
Modified: 2024-11-04T22:35:00.740
Link: CVE-2023-36325
Redhat
No data.