6.5

CVE-2023-3338

Exploit

Crash due to a null pointer dereference in the dn_nsp_send function

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.5
NetappActive Iq Unified Manager Version- SwPlatformvsphere
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.09% 0.941
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2023/dsa-5480
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
Third Party Advisory
Mailing List
https://access.redhat.com/security/cve/CVE-2023-3338
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2218618
Issue Tracking
https://seclists.org/oss-sec/2023/q2/276
Third Party Advisory
Exploit
Mailing List
https://security.netapp.com/advisory/ntap-20230824-0005/
Third Party Advisory