{"id":"CVE-2025-24356","summary":"UDP traffic amplification via fastd's fast reconnect feature","details":"fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This \"fast reconnect\" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.","aliases":["GHSA-pggg-vpfv-4rcv"],"modified":"2026-04-12T14:04:24.841752Z","published":"2025-01-27T17:31:38.541Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24356.json","cwe_ids":["CWE-405"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24356.json"},{"type":"ADVISORY","url":"https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24356"},{"type":"FIX","url":"https://github.com/neocturne/fastd/commit/1f233bee76b722c0b3f9024f2c39c72e9f7e5843"},{"type":"FIX","url":"https://github.com/neocturne/fastd/commit/3940150e801d0c91460491bec32cbcc5bbc89d5f"},{"type":"FIX","url":"https://github.com/neocturne/fastd/commit/5f63fcfc18ae9cad023fa463b152d5e14192b5a8"},{"type":"FIX","url":"https://github.com/neocturne/fastd/commit/9df7e516378441d2d17b89f9db5c27c8312d8f12"}
,{"type":"FIX","url":"https://github.com/neocturne/fastd/commit/c1a07b3f2b9066c3713c68547da700b85d60f4f7"},{"type":"FIX","url":"https://github.com/neocturne/fastd/commit/ce1b79b12dbfa796743b5f3a50789ade965b7023"},{"type":"FIX","url":"https://github.com/neocturne/fastd/commit/d03a0a17347efb5293e42fde7d982781e90f14ef"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/neocturne/fastd","events":[{"introduced":"0"},{"fixed":"1f233bee76b722c0b3f9024f2c39c72e9f7e5843"}]},{"type":"GIT","repo":"https://github.com/neocturne/fastd","events":[{"introduced":"0"},{"fixed":"3940150e801d0c91460491bec32cbcc5bbc89d5f"}]},{"type":"GIT","repo":"https://github.com/neocturne/fastd","events":[{"introduced":"0"},{"fixed":"5f63fcfc18ae9cad023fa463b152d5e14192b5a8"}]},{"type":"GIT","repo":"https://github.com/neocturne/fastd","events":[{"introduced":"0"},{"fixed":"9df7e516378441d2d17b89f9db5c27c8312d8f12"}]},{"type":"GIT","repo":"https://github.com/neocturne/fastd","events":[{"introduced":"0"},{"fixed":"c1a07b3f2b9066c3713c68547da700b85d60f4f7"}]},{"type":"GIT","repo":"https://github.com/neocturne/fastd","events":[{"introduced":"0"},{"fixed":"ce1b79b12dbfa796743b5f3a50789ade965b7023"}]},{"type":"GIT","repo":"https://github.com/neocturne/fastd","events":[{"introduced":"0"},{"fixed":"d03a0a17347efb5293e42fde7d982781e90f14ef"}]}],"versions":["v0.1","v0.1-rc1","v0.1-rc2","v0.1-rc3","v0.1-rc4","v0.2","v0.3","v0.4","v0.4-rc1","v0.4-rc10","v0.4-rc11","v0.4-rc12","v0.4-rc13","v0.4-rc2","v0.4-rc3","v0.4-rc4","v0.4-rc5","v0.4-rc6","v0.4-rc7","v0.4-rc8","v0.4-rc9","v0.5","v0.5-rc1","v0.5-rc2","v0.5-rc3","v0.5-rc4","v10","v11","v12","v13","v14","v15","v16","v17","v18","v19","v20","v21","v22","v6","v6-rc1","v7","v8","v9"],"database_specific":{"vanir_signatures_modified":"2026-04-12T14:04:24Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24356.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"}]}