7.8

CVE-2010-4164

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.36.2
OpensuseOpensuse Version11.2
OpensuseOpensuse Version11.3
SuseLinux Enterprise Desktop Version10 Updatesp3
SuseLinux Enterprise Desktop Version11 Updatesp1
SuseLinux Enterprise Real Time Extension Version11 Updatesp1
SuseLinux Enterprise Server Version10 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp1
DebianDebian Linux Version5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2% 0.829
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://openwall.com/lists/oss-security/2010/11/11/2
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2010/11/12/3
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/45055
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=652517
Patch
Third Party Advisory
Issue Tracking