CVE-2023-2156

EPSS 0.44%
Published 09.05.2023 22:15:10
Last modified 21.11.2024 07:58:02
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.7 < 5.10.184

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.117

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.34

Linux ≫ Linux Kernel Version >= 6.2 < 6.2.13

Linux ≫ Linux Kernel Version >= 6.3 < 6.3.8

Redhat ≫ Enterprise Linux Version9.0

Fedoraproject ≫ Fedora Version38

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.44%	0.62

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://www.debian.org/security/2023/dsa-5448

Third Party Advisory

VDB Entry

http://www.openwall.com/lists/oss-security/2023/05/17/8

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/17/9

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/18/1

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/19/1

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2196292