nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nufw | nufw | 1.0.14 |
| nufw | nufw | 1.0.15 |
| nufw | nufw | 1.0.12 |
| nufw | nufw | 1.1 |
| nufw | nufw | 1.0.11 |
| nufw | nufw | 1.0.13 |
nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nufw | nufw_firewall | 1.0.20 |
NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nufw | nufw | 2.2.3 |
Heap-based buffer overflow in the samp_send function in nuauth/sasl.c in NuFW before 2.2.7 allows remote attackers to cause a denial of service via unspecified input on which base64 encoding is performed. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nufw | nufw | 2.2.6 |