Vulnerability in IPv6 Protocol Specification Affecting Multiple Vendors
CVE-2016-10142

8.6HIGH

Key Information:

Vendor
Ietf
Status
Ipv6
Vendor
CVE Published:
14 January 2017

Summary

A vulnerability in the IPv6 protocol allows attackers to exploit ICMP Packet Too Big (PTB) messages and trigger unnecessary packet fragmentation. This can lead to Denial of Service (DoS) conditions for legacy IPv6 nodes that do not fully comply with the required standards. By sending a crafted ICMPv6 PTB message, attackers can manipulate IPv6 atomic fragment generation, leading to dropped packets in communication streams. This vulnerability affects a broad range of IPv6 implementations, highlighting the need for robust security measures against fragmentation-based attacks.

References

https://tools.ietf.org/html/draft-ietf-6man-deprecate-ato...
x_refsource_MISC
https://tools.ietf.org/html/rfc8021
x_refsource_MISC
http://www.securityfocus.com/bid/95797
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.