CVE-2023-2754

CVE-2023-2754

Name

CVE-2023-2754

Description

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release
MISC	https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w
MISC	https://developers.cloudflare.com/warp-client/

Type

URI

MISC

https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release

MISC

https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w

MISC

https://developers.cloudflare.com/warp-client/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:cloudflare:warp::::::windows::*`	warp	>= None	< 2023.7.160.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*

warp

>= None

< 2023.7.160.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
warp	edge-community	0.9.2-r1	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	edge-community	0.9.2-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	edge-community	0.9.0-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	edge-community	0.8.1-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	edge-community	0.8.0-r1	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	edge-community	0.8.0-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	3.23-community	0.9.2-r1	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	3.22-community	0.9.2-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	3.22-community	0.8.0-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	3.20-community	0.7.0-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	3.19-community	0.6.2-r0	knuxify <knuxify@gmail.com>	possibly vulnerable
warp	3.18-community	0.5.4-r0	knuxify <knuxify@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

warp

edge-community

0.9.2-r1

knuxify <knuxify@gmail.com>

possibly vulnerable

warp

edge-community