7.8
CVE-2017-9074
- EPSS 0.08%
- Published 19.05.2017 07:29:00
- Last modified 20.04.2025 01:37:25
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.2.89
Linux ≫ Linux Kernel Version >= 3.3 < 3.16.44
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.56
Linux ≫ Linux Kernel Version >= 3.19 < 4.1.42
Linux ≫ Linux Kernel Version >= 4.2 < 4.4.71
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.31
Linux ≫ Linux Kernel Version >= 4.10 < 4.11.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.241 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.