5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Information about ECS zero scoped answers might leak to clients that use a specific ECS
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
Affected products
- <5.4.3
- <5.2.11
- <5.3.8
Matching in nixpkgs
pkgs.rotp
Open-source modernization of the 1993 classic "Master of Orion", written in Java
Package maintainers
-
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
-
@jtrees Joshua Trees <me@jtrees.io>