Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.14973
Percentile: 0.94232

CVSS Scoring

Affected Products

• cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
• cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*

← Back to Home