7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.073 Low
EPSS
Percentile
94.0%
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux
kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows
remote attackers to cause a denial of service (crash) via crafted ACK
responses that trigger a NULL pointer dereference.
Author | Note |
---|---|
kees | Ilpo JΓ€rvinen (original reporter) confirms that this is not actually exploitable |