Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IETF — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting IETF. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Internet Engineering Task Force develops and promotes voluntary internet standards, including protocols like HTTP and TLS, which form the backbone of global internet infrastructure. Historically, vulnerabilities in IETF-related standards have commonly included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from implementation issues rather than protocol design itself. While the organization itself hasn't experienced major security incidents, its protocols have been exploited in high-profile attacks, such as those leveraging weaknesses in TLS implementations. With 9 CVEs currently on record, these vulnerabilities typically affect implementations of IETF standards rather than the standards themselves, highlighting the importance of proper security practices in deploying internet technologies.

Top products by IETF: IPv6 RFC2003 - IP Encapsulation within IP P802.1Q DHCP RFC RFC2784 - Generic Routing Encapsulation (GRE) draft-ietf-intarea-gue-09 RFC 7523
CVE IDTitleCVSSSeverityPublished
CVE-2025-27371 OpenID IETF OAuth 安全漏洞 — RFC 7523CWE-305 6.9 Medium2025-03-03
CVE-2024-7596 Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet — draft-ietf-intarea-gue-09 7.5 -2025-02-05
CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet — RFC2784 - Generic Routing Encapsulation (GRE) 9.1 -2025-02-05
CVE-2025-23018 IPv6-in-IPv4 tunneling 安全漏洞 — IPv6CWE-940 5.4 Medium2025-01-14
CVE-2025-23019 IPv6-in-IPv4 tunneling 安全漏洞 — IPv6CWE-940 5.4 Medium2025-01-14
CVE-2024-3596 RADIUS Protocol under RFC2865 is vulnerable to forgery attacks. — RFC 5.5 -2024-07-09
CVE-2024-3661 DHCP routing options can manipulate interface-based VPN traffic — DHCPCWE-306 7.6 High2024-05-06
CVE-2021-27854 L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation — P802.1QCWE-290 4.7 -2022-09-27
CVE-2020-10136 IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic — RFC2003 - IP Encapsulation within IPCWE-290 8.2 -2020-06-02

This page lists every published CVE security advisory associated with IETF. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.