7.8
CVE-2017-7645
- EPSS 16.01%
- Published 18.04.2017 14:59:00
- Last modified 20.04.2025 01:37:25
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.2.89
Linux ≫ Linux Kernel Version >= 3.3 < 3.10.107
Linux ≫ Linux Kernel Version >= 3.11 < 3.12.74
Linux ≫ Linux Kernel Version >= 3.13 < 3.16.44
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.52
Linux ≫ Linux Kernel Version >= 3.19 < 4.1.40
Linux ≫ Linux Kernel Version >= 4.2 < 4.4.66
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.26
Linux ≫ Linux Kernel Version >= 4.10 < 4.10.14
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.01% | 0.942 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.