CVE-2023-2156

EPSS 2.09%
Veröffentlicht 09.05.2023 22:15:10
Zuletzt bearbeitet 21.11.2024 07:58:02
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

NVD 8 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.7 < 5.10.184

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.117

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.34

Linux ≫ Linux Kernel Version >= 6.2 < 6.2.13

Linux ≫ Linux Kernel Version >= 6.3 < 6.3.8

Redhat ≫ Enterprise Linux Version9.0

Fedoraproject ≫ Fedora Version38

Debian ≫ Debian Linux Version10.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.09%	0.838

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://www.debian.org/security/2023/dsa-5448

Third Party Advisory

VDB Entry

http://www.openwall.com/lists/oss-security/2023/05/17/8

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/17/9

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/18/1

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/19/1

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2196292