10
CVE-2006-1368
- EPSS 6.01%
- Veröffentlicht 23.03.2006 23:06:00
- Zuletzt bearbeitet 16.06.2026 22:22:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 2.6.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.01% | 0.924 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/20914
http://www.debian.org/security/2006/dsa-1103
http://www.vupen.com/english/advisories/2006/2554
http://secunia.com/advisories/20671
http://www.debian.org/security/2006/dsa-1097
http://secunia.com/advisories/19955
https://usn.ubuntu.com/281-1/
http://secunia.com/advisories/21045
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://secunia.com/advisories/19330
http://www.vupen.com/english/advisories/2006/1046
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16
http://www.securityfocus.com/bid/17831