2.1
CVE-2007-3654
- EPSS 0.31%
- Veröffentlicht 17.09.2007 17:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:27
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.222 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-006.txt.asc
http://osvdb.org/40810
http://www.securityfocus.com/bid/25682
http://www.securitytracker.com/id?1018693
https://exchange.xforce.ibmcloud.com/vulnerabilities/36598