Lucene search

K
cve[email protected]CVE-2006-7095
HistoryMar 02, 2007 - 9:18 p.m.

CVE-2006-7095

2007-03-0221:18:00
web.nvd.nist.gov
20
cve-2006-7095
network security
buffer overflow
denial of service
remote code execution
dim3 engine security

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.046 Low

EPSS

Percentile

92.6%

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.

Affected configurations

NVD
Node
klinkdim3Range1.5
CPENameOperatorVersion
klink:dim3klink dim3le1.5

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.046 Low

EPSS

Percentile

92.6%

Related for CVE-2006-7095