CVE-2023-39197

Published Jan 23, 2024

Last updated 3 months ago

CVSS high 7.5

Overview

Description: An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-125
secalert@redhat.com: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79658A41-FEEA-42AF-93D9-A85F7CF2123A",
            "versionEndExcluding": "5.4.251",
            "versionStartIncluding": "2.6.26"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43CAE50A-4A6C-488E-813C-F8DB77C13C8B",
            "versionEndExcluding": "5.10.188",
            "versionStartIncluding": "5.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC77775B-EC31-4966-966C-1286C02B2A85",
            "versionEndExcluding": "5.15.121",
            "versionStartIncluding": "5.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BD1D4A1-304D-4187-8178-6D7C0050B1AF",
            "versionEndExcluding": "6.1.39",
            "versionStartIncluding": "5.16"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95CB4836-7F5D-4C20-B025-8E046EC87B78",
            "versionEndExcluding": "6.3.13",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AB81046-CB69-4115-924C-963B37C41385",
            "versionEndExcluding": "6.4.4",
            "versionStartIncluding": "6.4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References