7.1

CVE-2013-4563

Exploit
The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.9.8 <= 3.10.23
LinuxLinux Kernel Version >= 3.11 < 3.12.4
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version13.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.9% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
Third Party Advisory
Mailing List
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/11/13/9
Patch
Mailing List
http://www.ubuntu.com/usn/USN-2113-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2117-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1030015
Issue Tracking
https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e
Patch
Exploit