ID CVE-2008-0177
Summary The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.
References
Vulnerable Configurations
  • cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*
    cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 29-09-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
non_vulnerable_configuration via4
    refmap via4
    apple
    • APPLE-SA-2008-05-28
    • APPLE-SA-2008-07-11
    bid 27642
    cert TA08-150A
    cert-vn VU#110947
    confirm
    exploit-db 5191
    freebsd FreeBSD-SA-08:04
    sectrack 1019314
    secunia
    • 28788
    • 28816
    • 28979
    • 29130
    • 30430
    • 31074
    vupen
    • ADV-2008-0441
    • ADV-2008-0688
    • ADV-2008-1697
    • ADV-2008-2094
    vulnerable_product via4 cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*
    Last major update 29-09-2017 - 01:30
    Published 07-02-2008 - 22:00
    Back to Top