7.8
CVE-2017-9074
- EPSS 0.42%
- Veröffentlicht 19.05.2017 07:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.2.89
Linux ≫ Linux Kernel Version >= 3.3 < 3.16.44
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.56
Linux ≫ Linux Kernel Version >= 3.19 < 4.1.42
Linux ≫ Linux Kernel Version >= 4.2 < 4.4.71
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.31
Linux ≫ Linux Kernel Version >= 4.10 < 4.11.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.338 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2669
http://www.debian.org/security/2017/dsa-3886
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2423496af35d94a87156b063ea5cedffc10a70a1
http://www.securityfocus.com/bid/98577
https://access.redhat.com/errata/RHSA-2018:0169
https://github.com/torvalds/linux/commit/2423496af35d94a87156b063ea5cedffc10a70a1
https://patchwork.ozlabs.org/patch/763117/