CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24356 – UDP traffic amplification via fastd's fast reconnect feature
https://notcve.org/view.php?id=CVE-2025-24356
27 Jan 2025 — fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake pack... • https://github.com/neocturne/fastd/commit/1f233bee76b722c0b3f9024f2c39c72e9f7e5843 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-27638 – Ubuntu Security Notice USN-4718-1
https://notcve.org/view.php?id=CVE-2020-27638
22 Oct 2020 — receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. En el archivo Receive.c en fastd versiones anteriores a v21, permite una denegación de servicio (fallo de aserción) cuando se reciben paquetes con un código de tipo no válido It was discovered that fastd did not properly handle receive buffers under certain circumstances. A remote attacker could possibly use this issue to cause a memory leak, resulting in a denial of service. • https://bugs.debian.org/972521 • CWE-617: Reachable Assertion •