CVE-2024-26668

EPSS 0.01%
Veröffentlicht 02.04.2024 07:15:43
Zuletzt bearbeitet 17.03.2025 15:04:22
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_limit: reject configurations that cause integer overflow

Reject bogus configs where internal token counter wraps around.
This only occurs with very very large requests, such as 17gbyte/s.

Its better to reject this rather than having incorrect ratelimit.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.3 < 5.15.149

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.76

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.15

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.3

Linux ≫ Linux Kernel Version6.8 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a

Patch

https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1

Patch

https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0

Patch

https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b

Patch

https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26668

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26668

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26668

EUVD