CVE-2023-43618

MEDIUM5.3EPSS 0.06%

Croc requires senders to provide local IP addresses in cleartext

Published: 9/20/2023Modified: 2/4/2026

Also known as:GHSA-7mp6-929p-pqhjCGA-m9rm-68fv-2w3cGO-2023-2070

Description

An issue was discovered in Croc before 9.6.16. The protocol requires a sender to provide its local IP addresses in cleartext via an `ips?` message.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N