Mishandling of IPv6 NDP timeout (CVE-2021-3384)
Vulnerability details
Mishandling of the IPv6 NDP timeout could cause a temporary denial of service.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
03/01/2021 |
Initial release |
v2 |
03/03/2021 |
Fix typo in “Impacted Versions” and “Solution” |
v3 |
03/08/2021 |
Fix typo in “Impacted Versions” and “Solution” |
v4 |
04/06/2021 |
Update fix version |
v5 |
05/27/2021 |
Update fix version |
Stormshield Network Security |
CVSS v3.1 Overall Score: 3.9 
|
Analysis
|
Impacted version
|
This vulnerability could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6.
|
- SNS 2.0.0 to 2.7.7
- SNS 2.8.0 to 2.16.0
- SNS 3.0.0 to 3.7.17
- SNS 3.8.0 to 3.11.5
- SNS 4.0.0 to 4.1.4
- SNS 4.2.1
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The vulnerability is fixed in versions:
- 2.7.8
- 3.7.18
- 3.11.6
- 4.1.5
- 4.2.2
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Reasonable |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
Low |
Low |
Low |
Acknowledgements
Stormshield thanks the R&D and especially @p_jalaber for discovering this issue.