CVE-2007-2172

Published Apr 22, 2007

Last updated a year ago

CVSS info 4.7

Overview

Description: A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.7
Impact score: 6.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FDADBBD-FCAE-4A5A-9B7D-14EF90D2DAB1",
            "versionEndExcluding": "2.4.35",
            "versionStartIncluding": "2.4.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F9EB73D-5DB8-46DE-995B-1FB161D93275",
            "versionEndIncluding": "2.6.20",
            "versionStartIncluding": "2.6.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8CBD2D9-3765-40B2-A056-D71BE750CC01"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F4D967-ED04-42EA-8B3E-36301D39D651"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C498EE89-7F07-4B1E-90E6-5897E6B04670"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "708656AF-92AE-4EAF-AF19-F457DB04ADB7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B263AB8-74A4-4C73-915C-A02724C24B45"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A96D739B-9E8B-4D2F-9DED-4C9B313473CC"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ACDEFEE-B946-4232-8BD5-A9F7AA84ED85"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08A6E33E-5847-45DA-B9C9-79A7C5C877D6"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1F60C33-3CEA-45F0-97FA-18C029270190"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "247E13CB-9B11-4B64-80AD-C0F8482CCC0E"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "903FE5D3-A9FB-466D-833B-448233BB0803"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "958EDC43-0848-4D93-9D07-6A085A5940B0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References