CVE-2010-0006

CVSS V2 High 7.1 CVSS V3 None
Description
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.
Overview
  • CVE ID
  • CVE-2010-0006
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-01-26T18:30:01
  • Last Modified Date
  • 2023-02-13T02:20:57
Weakness Enumerations
CWE URL
CWE-476 http://cwe.mitre.org/data/definitions/476.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 1 OR 2.6.32.4
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.1
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.9
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/37810 Mailing List Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html Mailing List Third Party Advisory
http://secunia.com/advisories/38333 Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/01/14/2 Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2570a4f5428bcdb1077622342181755741e7fa60 Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4 Vendor Advisory
http://www.osvdb.org/61876 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=555217 Third Party Advisory
http://secunia.com/advisories/38168 Third Party Advisory
http://marc.info/?l=linux-netdev&m=126343325807340&w=2 Mailing List Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=300951 Third Party Advisory
http://security-tracker.debian.org/tracker/CVE-2010-0006 Third Party Advisory
http://cert.fi/en/reports/2010/vulnerability341748.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html Mailing List Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-0006
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0006
History
Created Old Value New Value Data Type Notes
2022-05-10 17:53:12 Added to TrackCVE
2023-02-02 19:02:43 2023-02-02T17:17:04 CVE Modified Date updated
2023-02-02 19:02:43 Analyzed Modified Vulnerability Status updated
2023-02-02 19:02:44 The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() Description updated
2023-02-13 03:03:30 2023-02-13T02:20:57 CVE Modified Date updated
2023-02-13 03:03:31 CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. Description updated