Ietf

Products by Ietf Sorted by Most Security Vulnerabilities since 2018

Ietf P802 1q: 4 vulnerabilities
Ietf Ipv6: 2 vulnerabilities
Ietf Http: 1 vulnerability
Ietf Rfc: 1 vulnerability

Known Exploited Ietf Vulnerabilities

The following Ietf vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

CVE-2023-29552 (added November 8, 2023)
Title: Service Location Protocol (SLP) Denial-of-Service Vulnerability
Description: The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.
Exploit Probability: 92.6%

CVE-2023-44487 (added October 10, 2023)
Title: HTTP/2 Rapid Reset Attack Vulnerability
Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
Exploit Probability: 94.4%

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2025 there have been 4 vulnerabilities in Ietf, with an average score of 5.4 out of ten. Last year, in 2024, Ietf had 1 security vulnerability published. That is, 3 more vulnerabilities have already been reported in 2025 than in all of last year. Last year, the average CVE base score was greater by 3.65.

Year Vulnerabilities Average Score
2025 4 5.35
2024 1 9.00
2023 1 7.50
2022 4 4.70
2021 1 5.90
2020 1 0.00
2019 0 0.00
2018 1 5.90

It may take a day or so for new Ietf vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ietf Security Vulnerabilities

CVE-2024-7596 (Feb 05, 2025)
Title: CVE-2024-7596: GUE Source Verification Bypass
Description: Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
Products: Generic Udp Encapsulation

CVE-2024-7595 (Feb 05, 2025)
Title: GRE/GRE6 Spoofing: Unvalidated Source Allows Traffic Redirection
Description: GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
Products: Generic Routing Encapsulation6, Generic Routing Encapsulation

CVE-2025-23019 (Jan 14, 2025)
Title: CVE-2025-23019: IPv6-in-IPv4 Tunneling Spoofing (RFC 4213)
Description: IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.
Products: Ipv6

CVE-2025-23018 (Jan 14, 2025)
Title: IPv4/IPv6 Tunnel Spoofing on Linux Networking Stack
Description: IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136.
Products: Ipv6

CVE-2024-3596 (Jul 09, 2024)
Title: RADIUS MD5 Response Authenticator Forgery via Chosen-Prefix Collision
Description: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Products: Rfc

CVE-2023-44487 (Oct 10, 2023)
Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Products: Http

CVE-2021-27862 (Sep 27, 2022)
Description: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
Products: P802 1q

CVE-2021-27861 (Sep 27, 2022)
Description: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
Products: P802 1q

CVE-2021-27854 (Sep 27, 2022)
Description: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
Products: P802 1q

CVE-2021-27853 (Sep 27, 2022)
Description: Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
Products: P802 1q

CVE-2020-20950 (Jan 19, 2021)
Description: Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
Products: Public Key Cryptography Standards 1

CVE-2020-10136 (Jun 02, 2020)
Description: IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

CVE-2018-5389 (Sep 06, 2018)
Description: The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.
Products: Internet Key Exchange
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).