Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UDP traffic amplification via fastd's fast reconnect feature
Vulnerability Description
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.
CVSS Information
N/A
Vulnerability Type
不对称的资源消耗(放大攻击)
Vulnerability Title
fastd 安全漏洞
Vulnerability Description
fastd是中国Fastdlabs团队的一个支持 Swoole 的轻量级 Web 开发框架。 fastd 23之前版本存在安全漏洞,该漏洞源于存在UDP流量放大漏洞,从而导致分布式拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A