Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-18017
HistoryJan 03, 2018 - 6:29 a.m.

CVE-2017-18017

2018-01-0306:29:00
CWE-416
[email protected]
web.nvd.nist.gov
1

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

Affected configurations

NVD
Node
linuxlinux_kernelRange3.23.2.99
OR
linuxlinux_kernelRange3.33.10.108
OR
linuxlinux_kernelRange3.113.16.54
OR
linuxlinux_kernelRange3.173.18.60
OR
linuxlinux_kernelRange3.194.1.43
OR
linuxlinux_kernelRange4.24.4.76
OR
linuxlinux_kernelRange4.54.9.36
OR
linuxlinux_kernelRange4.104.11
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
aristaeosMatch4.20.1fx-virtual-router
Node
f5arxRange6.2.06.4.0
Node
susecaas_platform
OR
suselinux_enterprise_debuginfoMatch11sp3
OR
suselinux_enterprise_debuginfoMatch11sp4
OR
suselinux_enterprise_module_for_public_cloudMatch12
OR
suselinux_enterprise_point_of_saleMatch11sp3
OR
suseopenstack_cloudMatch6
OR
opensuseleapMatch42.3
OR
suselinux_enterprise_desktopMatch12sp2
OR
suselinux_enterprise_desktopMatch12sp3
OR
suselinux_enterprise_high_availabilityMatch12sp2
OR
suselinux_enterprise_high_availabilityMatch12sp3
OR
suselinux_enterprise_high_availability_extensionMatch11sp4
OR
suselinux_enterprise_live_patchingMatch12-
OR
suselinux_enterprise_live_patchingMatch12sp3
OR
suselinux_enterprise_real_time_extensionMatch11sp4
OR
suselinux_enterprise_real_time_extensionMatch12sp2
OR
suselinux_enterprise_real_time_extensionMatch12sp3
OR
suselinux_enterprise_serverMatch11sp3ltss
OR
suselinux_enterprise_serverMatch11sp4
OR
suselinux_enterprise_serverMatch12ltss
OR
suselinux_enterprise_serverMatch12sp1sap
OR
suselinux_enterprise_serverMatch12sp1ltss
OR
suselinux_enterprise_serverMatch12sp2
OR
suselinux_enterprise_serverMatch12sp2raspberry_pi
OR
suselinux_enterprise_serverMatch12sp3--
OR
suselinux_enterprise_software_development_kitMatch11sp4
OR
suselinux_enterprise_software_development_kitMatch12sp2
OR
suselinux_enterprise_software_development_kitMatch12sp3
OR
suselinux_enterprise_workstation_extensionMatch12sp2
OR
suselinux_enterprise_workstation_extensionMatch12sp3
Node
openstackcloud_magnum_orchestrationMatch7
Node
canonicalubuntu_linuxMatch12.04-
OR
canonicalubuntu_linuxMatch14.04esm
Node
redhatmrg_realtimeMatch2.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.3
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_for_real_timeMatch7
OR
redhatenterprise_linux_for_real_time_for_nfvMatch7
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.4
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0

References

Related

prion 1
redhatcve 1
ubuntucve 1
nessus 37
virtuozzo 4
arista 1
f5 1
osv 3
debiancve 1
veracode 1
cvelist 1
cve 1
oraclelinux 6
redhat 6
ibm 8
openvas 15
photon 1
suse 10
centos 2
symantec 1
ubuntu 2
debian 3
prion
prion
Memory corruption
2018-01-03 06:29:00
redhatcve
redhatcve
CVE-2017-18017
2018-01-04 16:19:48
ubuntucve
ubuntucve
CVE-2017-18017
2018-01-03 00:00:00
nessus
nessus
Virtuozzo 7 : readykernel-patch (VZA-2018-005)
2018-01-16 00:00:00
Arista Networks tcpmss_mangle_packet DoS (SA0034)
2020-02-24 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4268)
2018-11-09 00:00:00
virtuozzo
virtuozzo
Kernel security update: CVE-2017-18017; Virtuozzo ReadyKernel patch 42.0 for Virtuozzo 7.0.4, 7.0.4 HF3, 7.0.5, 7.0.6, and 7.0.6 HF3
2018-01-12 00:00:00
Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2, Virtuozzo 6.0 Update 12 Hotfix 22 (6.0.12-3701)
2018-03-26 00:00:00
Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-03-26 00:00:00
arista
arista
Security Advisory 0034
2018-05-02 00:00:00
f5
f5
K18352029 : Linux kernel vulnerability CVE-2017-18017
2018-01-16 00:00:00
osv
osv
CVE-2017-18017
2018-01-03 06:29:00
linux - security update
2018-04-30 00:00:00
linux - security update
2018-05-01 00:00:00
debiancve
debiancve
CVE-2017-18017
2018-01-03 06:29:00
veracode
veracode
Denial Of Service (DoS)
2019-03-27 04:35:00
cvelist
cvelist
CVE-2017-18017
2018-01-03 06:00:00
cve
cve
CVE-2017-18017
2018-01-03 06:29:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-11-08 00:00:00
kernel security and bug fix update
2018-05-08 00:00:00
Unbreakable Enterprise kernel security update
2018-07-10 00:00:00
redhat
redhat
(RHSA-2018:1737) Important: kernel security and bug fix update
2018-05-29 17:59:32
(RHSA-2018:1170) Important: kernel-rt security and bug fix update
2018-04-17 14:55:13
(RHSA-2018:1319) Important: kernel security and bug fix update
2018-05-08 17:59:26
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000
2019-11-11 15:20:37
Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem 840 and 900
2023-02-18 01:45:50
Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1234)
2020-01-23 00:00:00
CentOS Update for kernel CESA-2018:1319 centos6
2018-05-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0660-1)
2021-06-09 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0055
2017-07-25 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2018-03-12 12:08:22
Security update for the Linux Kernel (important)
2018-03-29 15:07:44
Security update for the Linux Kernel (important)
2018-02-09 15:09:34
centos
centos
kernel, perf, python security update
2018-05-10 01:00:09
kernel security update
2018-04-27 05:53:39
symantec
symantec
Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities
2018-11-28 08:01:01
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-02-23 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2018-02-23 00:00:00
debian
debian
[SECURITY] [DLA 1369-1] linux security update
2018-05-02 20:58:29
[SECURITY] [DSA 4187-1] linux security update
2018-05-01 17:12:02
[SECURITY] [DSA 4187-1] linux security update
2018-05-01 17:12:02

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON
Related for NVD:CVE-2017-18017
prion1redhatcve1ubuntucve1nessus37virtuozzo4arista1f51osv3debiancve1veracode1cvelist1cve1oraclelinux6redhat6ibm8openvas15photon1suse10centos2symantec1ubuntu2debian3