CVE-2007-2172
fib_semantics.c out of bounds access vulnerability
Severity Score
4.7
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.
Un error tipográfico en el Kernel de Linux versión 2.6 anterior a 2.6.21-rc6 y versión 2.4 anterior a 2.4.35 hace que RTA_MAX se utilice como un tamaño de matriz en lugar de RTN_MAX, lo que conlleva a un "out of bound access" mediante las funciones (1) dn_fib_props (dn_fib.c, DECNet) y (2) fib_props (fib_semantics.c, IPv4).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-04-22 CVE Reserved
- 2007-04-22 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (34)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/23447 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.4.0 < 2.4.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.4.0 < 2.4.35" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.0 <= 2.6.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.0 <= 2.6.20" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | git1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | git2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | git3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | git4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | git5 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | git6 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | git7 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | rc4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21" | rc5 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.1 Search vendor "Debian" for product "Debian Linux" and version "3.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04" | - |
Affected
| ||||||