CVE-2017-7542

Published: 19 Jul 2017
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

An integer overflow vulnerability was found in the ip6_find_1stfragopt() function. A local attacker with the privileges (CAP_NET_RAW) to open a raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.

Report

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and does not qualify for inclusion as part of the Red Hat Enterprise Linux 5 lifecycle. For more information on the lifecycle see https://access.redhat.com/support/policy/updates/errata

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2018:0169 | 25.01.2018 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2017:2931 | 19.10.2017 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2017:2930 | 19.10.2017 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2017:2918 | 19.10.2017 |


Additional information

Status: Moderate
Defect: CWE-190->CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1473649 kernel: Integer overflow in ip6_find_1stfragopt() causes infinite loop

EPSS

Percentile: 3%
0.00018
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 8 years ago

The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

CVSS3: 5.5
nvd
almost 8 years ago

The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

CVSS3: 5.5
debian
almost 8 years ago

The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linu ...

CVSS3: 5.5
github
about 3 years ago

The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

oracle-oval
more than 7 years ago

ELSA-2017-3631: Unbreakable Enterprise kernel security update (IMPORTANT)
