Vulnerabilities > CVE-2023-43617 - Unspecified vulnerability in Schollz Croc
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.
Vulnerable Configurations
References
- http://www.openwall.com/lists/oss-security/2023/09/21/5
- http://www.openwall.com/lists/oss-security/2023/09/21/5
- https://github.com/schollz/croc/issues/596
- https://github.com/schollz/croc/issues/596
- https://www.openwall.com/lists/oss-security/2023/09/08/2
- https://www.openwall.com/lists/oss-security/2023/09/08/2