tg-me.com/v2fly/88
Last Update:
v4.44.0 is released. (Stable, Security Release)
This release includes security enhancement for all users.
!!! Important SECURITY enhancement !!!
* Fix DoS attack vulnerability in CommandSwitchAccountFactory. (Thanks geeknik)
Security Advisory
This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Server controlled by an attacker to crash a VMess Client by sending a specially crafted handshake response reply with an (optional) VMess SwitchAccount Command that is one byte shorter than expected. This vulnerability does NOT allow the attacker to retrieve any information from a client other than it used an unpatched version of the software and does NOT allow attacker to control the unpatched software or system. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank geeknik for the responsible disclosure of this vulnerability.
此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的 VMess 服务器迫使 VMess 客户端崩溃。这个漏洞可以通过在 VMess 握手阶段向客户端发送一个恶意的回复数据包被触发,触发漏洞数据包的内容是比正确内容少一个字节的 VMess 切换账户指令。 攻击者 *无法* 通过这个漏洞获取来自客户端任何信息(除客户端尚未应用此安全更新以外),也 *不会* 允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 geeknik 将此漏洞负责任的披露给我们。
BY V2Fly - Notification and Updates, V2Ray the second new
Share with your friend now:
tg-me.com/v2fly/88