Lucene search

RedhatCVE-2013-4247

HistoryAug 25, 2013 - 3:27 a.m.

CVE-2013-4247

2013-08-2503:27:32

CWE-189

redhat

web.nvd.nist.gov

cve-2013-4247

linux kernel

memory corruption

system crash

denial of service

dfs share

remote attackers

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length.

Affected configurations

Nvd

Node

linuxlinux_kernelRange3.8–3.9.6

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fc29bacedeabb278080e31bb9c1ecb49f143c3b

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.6

www.openwall.com/lists/oss-security/2013/08/14/10

bugzilla.redhat.com/show_bug.cgi?id=998401

github.com/torvalds/linux/commit/1fc29bacedeabb278080e31bb9c1ecb49f143c3b

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Related for CVE-2013-4247