7.8
CVE-2017-7645
- EPSS 20%
- Veröffentlicht 18.04.2017 14:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.2.89
Linux ≫ Linux Kernel Version >= 3.3 < 3.10.107
Linux ≫ Linux Kernel Version >= 3.11 < 3.12.74
Linux ≫ Linux Kernel Version >= 3.13 < 3.16.44
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.52
Linux ≫ Linux Kernel Version >= 3.19 < 4.1.40
Linux ≫ Linux Kernel Version >= 4.2 < 4.4.66
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.26
Linux ≫ Linux Kernel Version >= 4.10 < 4.10.14
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.