FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tinc -- Buffer overflow

Affected packages
tinc < 1.0.35
tinc-devel < 1.1pre17


VuXML ID a4eb38ea-cc06-11e8-ada4-408d5cf35399
Discovery 2018-10-08
Entry 2018-10-09 reports:

The authentication protocol allows an oracle attack that could potentially be exploited.

If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period.


CVE Name CVE-2018-16737
CVE Name CVE-2018-16738
CVE Name CVE-2018-16758