Количество 9
Количество 9
BDU:2025-11073
Уязвимость функции get_name() файла interface.c пакета утилит Net-tools операционной системы Linux, позволяющая нарушителю выполнить произвольный код и вызвать отказ в обслуживании
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
CVE-2025-46836
net-tools Stack-based Buffer Overflow vulnerability
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NE ...
SUSE-SU-2025:03260-1
Security update for net-tools
SUSE-SU-2025:03245-1
Security update for net-tools
SUSE-SU-2025:02974-1
Security update for net-tools
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2025-11073 Уязвимость функции get_name() файла interface.c пакета утилит Net-tools операционной системы Linux, позволяющая нарушителю выполнить произвольный код и вызвать отказ в обслуживании | CVSS3: 6.6 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-46836 net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20. | CVSS3: 6.6 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-46836 net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20. | CVSS3: 6.6 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-46836 net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20. | CVSS3: 6.6 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-46836 net-tools Stack-based Buffer Overflow vulnerability | CVSS3: 6.6 | 0% Низкий | 4 месяца назад |
| CVE-2025-46836 net-tools is a collection of programs that form the base set of the NE ... | CVSS3: 6.6 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:03260-1 Security update for net-tools | 0% Низкий | около 2 месяцев назад | |
| SUSE-SU-2025:03245-1 Security update for net-tools | 0% Низкий | около 2 месяцев назад | |
| SUSE-SU-2025:02974-1 Security update for net-tools | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу