ubuntu-cve-2025-24356
Vulnerability from osv_ubuntu
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "fastd",
"binary_version": "17-4ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "fastd",
"purl": "pkg:deb/ubuntu/fastd@17-4ubuntu0.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17-4",
"17-4build1",
"17-4ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "fastd",
"binary_version": "18-3ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "fastd",
"purl": "pkg:deb/ubuntu/fastd@18-3ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18-2",
"18-2ubuntu1",
"18-2ubuntu2",
"18-3",
"18-3ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "fastd",
"binary_version": "18-3ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "fastd",
"purl": "pkg:deb/ubuntu/fastd@18-3ubuntu0.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18-3build1",
"18-3ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "fastd",
"binary_version": "22-2build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "fastd",
"purl": "pkg:deb/ubuntu/fastd@22-2build1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"21-1",
"22-2",
"22-2build1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "fastd",
"binary_version": "22-4build2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "fastd",
"purl": "pkg:deb/ubuntu/fastd@22-4build2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"22-4",
"22-4build1",
"22-4build2"
]
}
],
"aliases": [],
"details": "fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This \"fast reconnect\" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.",
"id": "UBUNTU-CVE-2025-24356",
"modified": "2025-10-24T05:18:08Z",
"published": "2025-01-27T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-24356"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24356"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/commit/1f233bee76b722c0b3f9024f2c39c72e9f7e5843"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/commit/3940150e801d0c91460491bec32cbcc5bbc89d5f"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/commit/5f63fcfc18ae9cad023fa463b152d5e14192b5a8"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/commit/9df7e516378441d2d17b89f9db5c27c8312d8f12"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/commit/c1a07b3f2b9066c3713c68547da700b85d60f4f7"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/commit/ce1b79b12dbfa796743b5f3a50789ade965b7023"
},
{
"type": "REPORT",
"url": "https://github.com/neocturne/fastd/commit/d03a0a17347efb5293e42fde7d982781e90f14ef"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-24356"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.