7.8
CVE-2011-4913
- EPSS 0.95%
- Published 21.06.2012 23:55:02
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.
Data is provided by the National Vulnerability Database (NVD)
Novell ≫ Suse Linux Enterprise Server Version10.0 Updatesp4 SwEditionltss
Linux ≫ Linux Kernel Version <= 2.6.38.8
Linux ≫ Linux Kernel Version2.6.38
Linux ≫ Linux Kernel Version2.6.38 Updaterc1
Linux ≫ Linux Kernel Version2.6.38 Updaterc2
Linux ≫ Linux Kernel Version2.6.38 Updaterc3
Linux ≫ Linux Kernel Version2.6.38 Updaterc4
Linux ≫ Linux Kernel Version2.6.38 Updaterc5
Linux ≫ Linux Kernel Version2.6.38 Updaterc6
Linux ≫ Linux Kernel Version2.6.38 Updaterc7
Linux ≫ Linux Kernel Version2.6.38 Updaterc8
Linux ≫ Linux Kernel Version2.6.38.1
Linux ≫ Linux Kernel Version2.6.38.2
Linux ≫ Linux Kernel Version2.6.38.3
Linux ≫ Linux Kernel Version2.6.38.4
Linux ≫ Linux Kernel Version2.6.38.5
Linux ≫ Linux Kernel Version2.6.38.6
Linux ≫ Linux Kernel Version2.6.38.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.743 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.