CVE-2025-52570

Sažetak

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.

Reference

https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c
https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

26-06-2025 - 18:58

Objavljeno

24-06-2025 - 04:15