Lucene search

K
cveMitreCVE-2008-2136
HistoryMay 16, 2008 - 12:54 p.m.

CVE-2008-2136

2008-05-1612:54:00
CWE-399
mitre
web.nvd.nist.gov
77
cve-2008-2136
memory leak
ipip6_rcv
linux kernel 2.4
linux kernel 2.6
denial of service
sit tunnel interface
network traffic
nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

5.9

Confidence

High

EPSS

0.899

Percentile

98.8%

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

Affected configurations

Nvd
Node
linuxlinux_kernelRange2.4.0–2.4.36.5
OR
linuxlinux_kernelRange2.6.0–2.6.25.3
Node
debiandebian_linuxMatch4.0
Node
canonicalubuntu_linuxMatch6.06lts
OR
canonicalubuntu_linuxMatch7.04
OR
canonicalubuntu_linuxMatch7.10
OR
canonicalubuntu_linuxMatch8.04lts
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux7.04cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
canonicalubuntu_linux7.10cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*

References

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

5.9

Confidence

High

EPSS

0.899

Percentile

98.8%