Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2634

Опубликовано: 24 фев. 2017
Источник: redhat
CVSS3: 7.5

Описание

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.

Отчет

This issue affects Red Hat Enterprise Linux 5 kernel. This issue was fixed in a versions 6 and 7 prior to this issue being raised. Future Linux kernel updates for Red Hat Enterprise Linux 5 may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 5kernelFixedRHSA-2017:032324.02.2017
Red Hat Enterprise Linux 5.6 Long LifekernelFixedRHSA-2017:034728.02.2017
Red Hat Enterprise Linux 5.9 Long LifekernelFixedRHSA-2017:034628.02.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1424751kernel: dccp: crash while sending ipv6 reset packet

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-2634

CVSS3: 7.5
ubuntu
больше 7 лет назад

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.

nvd логотип

CVE-2017-2634

CVSS3: 7.5
nvd
больше 7 лет назад

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.

debian логотип

CVE-2017-2634

CVSS3: 7.5
debian
больше 7 лет назад

It was found that the Linux kernel's Datagram Congestion Control Proto ...

github логотип

GHSA-qmpj-vx37-329m

CVSS3: 7.5
github
больше 3 лет назад

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.

oracle-oval логотип

ELSA-2017-0323

oracle-oval
больше 8 лет назад

ELSA-2017-0323: kernel security update (IMPORTANT)

7.5 High

CVSS3