7.8
CVE-2017-7645
- EPSS 16.01%
- Veröffentlicht 18.04.2017 14:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.2.89
Linux ≫ Linux Kernel Version >= 3.3 < 3.10.107
Linux ≫ Linux Kernel Version >= 3.11 < 3.12.74
Linux ≫ Linux Kernel Version >= 3.13 < 3.16.44
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.52
Linux ≫ Linux Kernel Version >= 3.19 < 4.1.40
Linux ≫ Linux Kernel Version >= 4.2 < 4.4.66
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.26
Linux ≫ Linux Kernel Version >= 4.10 < 4.10.14
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.01% | 0.942 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.