CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
23.7%
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11
and earlier allows local users in the dialout group to overwrite an integer
value in kernel memory by writing to /dev/zap/ctl, related to an incorrect
tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check
against the value of lc->sync.