7.1

CVE-2009-2903

EPSS 3.77%
Published 15.09.2009 22:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.4.0 <= 2.4.37.6

Linux ≫ Linux Kernel Version >= 2.6.0 <= 2.6.31

Suse ≫ Linux Enterprise Debuginfo Version10 Updatesp2

Suse ≫ Linux Enterprise Debuginfo Version10 Updatesp3

Suse ≫ Linux Enterprise Desktop Version10 Updatesp2

Suse ≫ Linux Enterprise Desktop Version10 Updatesp3

Suse ≫ Linux Enterprise Server Version9

Suse ≫ Linux Enterprise Server Version10 Updatesp2

Suse ≫ Linux Enterprise Server Version10 Updatesp3

Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp2

Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp3

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.77%	0.869

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/37105

Third Party Advisory

http://www.ubuntu.com/usn/USN-852-1

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/36707

Third Party Advisory

http://secunia.com/advisories/37909

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

Third Party Advisory

http://www.openwall.com/lists/oss-security/2009/09/14/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2009/09/14/2

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2009/09/17/11

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/36379

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=522331

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2009-2903

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2903

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2903

EUVD