9.8

CVE-2017-5897

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.7 < 3.10.106
LinuxLinux Kernel Version >= 3.11 < 3.12.71
LinuxLinux Kernel Version >= 3.13 < 3.16.41
LinuxLinux Kernel Version >= 3.17 < 3.18.49
LinuxLinux Kernel Version >= 3.19 < 4.4.50
LinuxLinux Kernel Version >= 4.5 < 4.9.11
CanonicalUbuntu Linux Version14.04 SwEditionesm
DebianDebian Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.95% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.debian.org/security/2017/dsa-3791
Third Party Advisory
https://usn.ubuntu.com/3754-1/
Third Party Advisory
https://source.android.com/security/bulletin/2017-09-01
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/07/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96037
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037794
Third Party Advisory
VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
Patch
Third Party Advisory