Insufficient Control of Network Message Volume (Network Amplification)

CVE-2021-38429

High

9.1/10

Summary

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)

The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.

References

Advisory Timeline

Published May 05, 2022

Insufficient Control of Network Message Volume (Network Amplification)

CVE-2021-38429

Summary

CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS