// For flags

CVE-2007-4997

kernel ieee80211 off-by-two integer underflow

Severity Score

7.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

desbordamiento inferior de entero en la funcióni eee80211_rx en net/ieee80211/ieee80211_rx.c en el nucleo de Linux 2.6.x anterior a 2.6.23 permite a atacantes remotos provocar denegación de servicio (caida) a través de una longitud SKB manipulada en una ventana pequeña IEEE 802.11 cuando la bandera IEEE80211_STYPE_QOS_DATA está asignada, también conocido como "error de duera de los dos"

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-20 CVE Reserved
  • 2007-11-06 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (32)
URL Tag Source
ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeLog-2.6.16.57-rc1 X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git%3Ba=commitdiff%3Bh=04045f98e0457aba7d4e6736f37eed189c48a5f7 X_refsource_misc
http://secunia.com/advisories/27555 Third Party Advisory
http://secunia.com/advisories/27614 Third Party Advisory
http://secunia.com/advisories/27824 Third Party Advisory
http://secunia.com/advisories/27912 Third Party Advisory
http://secunia.com/advisories/28033 Third Party Advisory
http://secunia.com/advisories/28162 Third Party Advisory
http://secunia.com/advisories/28170 Third Party Advisory
http://secunia.com/advisories/28706 Third Party Advisory
http://secunia.com/advisories/28806 Third Party Advisory
http://secunia.com/advisories/28971 Third Party Advisory
http://www.securityfocus.com/bid/26337 Vdb Entry
http://www.vupen.com/english/advisories/2007/3718 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38247 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10596 Signature
URL Date SRC
URL Date SRC
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23 2023-02-13
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html 2023-02-13
http://www.debian.org/security/2007/dsa-1428 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2007:226 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2007:232 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 2023-02-13
http://www.novell.com/linux/security/advisories/2007_59_kernel.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0993.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-1104.html 2023-02-13
http://www.ubuntu.com/usn/usn-558-1 2023-02-13
http://www.ubuntu.com/usn/usn-574-1 2023-02-13
http://www.ubuntu.com/usn/usn-578-1 2023-02-13
https://access.redhat.com/security/cve/CVE-2007-4997 2007-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=346341 2007-12-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.6.22.7
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.22.7"
-
Affected