ID CVE-2008-0177
Summary The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.
References
Vulnerable Configurations
  • cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*
    cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 29-09-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
apple
  • APPLE-SA-2008-05-28
  • APPLE-SA-2008-07-11
bid 27642
cert TA08-150A
cert-vn VU#110947
confirm
exploit-db 5191
freebsd FreeBSD-SA-08:04
sectrack 1019314
secunia
  • 28788
  • 28816
  • 28979
  • 29130
  • 30430
  • 31074
vupen
  • ADV-2008-0441
  • ADV-2008-0688
  • ADV-2008-1697
  • ADV-2008-2094
Last major update 29-09-2017 - 01:30
Published 07-02-2008 - 22:00
Back to Top