Insufficient Control of Network Message Volume (Network Amplification)

CVE-2021-43547

High

8.2/10

Summary

TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: HIGH

CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)

The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.

References

Advisory Timeline

Published May 05, 2022

Insufficient Control of Network Message Volume (Network Amplification)

CVE-2021-43547

Summary

CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS