CVE-2011-1493

2012-06-2123:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2011-1493

linux kernel

denial of service

heap memory corruption

nvd

vulnerability

8.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.2%

JSON

Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.38
linux:linux_kernellinux linux kerneleq2.6.38.3
linux:linux_kernellinux linux kernelle2.6.38.8
linux:linux_kernellinux linux kerneleq2.6.38.6
linux:linux_kernellinux linux kerneleq2.6.38.1
linux:linux_kernellinux linux kerneleq2.6.38.5
linux:linux_kernellinux linux kerneleq2.6.38.2
linux:linux_kernellinux linux kerneleq2.6.38.4
linux:linux_kernellinux linux kerneleq2.6.38.7

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.38
linux:linux_kernel	linux linux kernel	eq	2.6.38.3
linux:linux_kernel	linux linux kernel	le	2.6.38.8
linux:linux_kernel	linux linux kernel	eq	2.6.38.6
linux:linux_kernel	linux linux kernel	eq	2.6.38.1
linux:linux_kernel	linux linux kernel	eq	2.6.38.5
linux:linux_kernel	linux linux kernel	eq	2.6.38.2
linux:linux_kernel	linux linux kernel	eq	2.6.38.4
linux:linux_kernel	linux linux kernel	eq	2.6.38.7