CVE-2023-35838

Published: Aug 9, 2023

Modified: Oct 18, 2024

PUBLISHED

Description

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wireguard.com

https://tunnelcrack.mathyvanhoef.com/details.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-35838

Description

Affected Products

References