7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the
Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel
2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges
via an invalid feature length, which leads to a heap-based buffer overflow.