CVE-2023-43617
PUBLISHED
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.
EPSS 0.13% · 31.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schollz | croc | 0 |
| n/a | n/a | * |
| github.com | schollz/croc/v9 | 0 |
Timeline
- Sep 20, 2023 CVE Published
- Sep 21, 2023 CVE Updated
- Sep 22, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Dec 27, 2023 EPSS Score
- Jan 28, 2024 EPSS Score
- Feb 29, 2024 EPSS Score
- Apr 1, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jul 6, 2024 EPSS Score
References
- https://www.openwall.com/lists/oss-security/2023/09/08/2 url
- https://github.com/schollz/croc/issues/596 url
- [oss-security] 20230921 Re: croc: multiple issues in file sharing utility mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2023-43617 advisory
- https://github.com/schollz/croc/pull/699 url
- https://github.com/schollz/croc/commit/0f1ca436cd8e608738da0b23bf594537cfbe6213 url
- https://github.com/schollz/croc package