640332 – (CVE-2017-17066) <net-vpn/i2pd-2.17.0: GarlicRust vulnerability (CVE 2017-17066)

Bug 640332 (CVE-2017-17066) - <net-vpn/i2pd-2.17.0: GarlicRust vulnerability (CVE 2017-17066)

Summary: <net-vpn/i2pd-2.17.0: GarlicRust vulnerability (CVE 2017-17066)

Status:	RESOLVED FIXED

Alias:	CVE-2017-17066

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-12-08 21:37 UTC by tonemgub
Modified:	2018-07-06 21:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tonemgub 2017-12-08 21:37:57 UTC

Attacker gains access to victim memory. High-risk vunerability.

https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/

Pull ready.
https://github.com/gentoo/gentoo/pull/6468

Comment 1 Alexey Korepanov 2018-07-05 12:40:26 UTC

A week ago, the vulnerable 2.16.0 left the portage tree. Probably, this bug is safe to close.