Florian Westphal

12 exploits, active since May 2005
CVE-2016-3134 (HIGH, writeup)
SUSE Linux Enterprise - Heap Memory Corruption via netfilter IPT_SO_SET_REPLACE
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVSS 8.4
CVE-2016-4997 (HIGH, writeup)
Linux Kernel < 4.6.3 - Netfilter Privilege Escalation via compat IPT_SO_SET_REPLACE / IP6T_SO_SET_REPLACE
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
CVSS 7.8
CVE-2016-4998 (HIGH, writeup)
Linux Kernel < 4.6 - Denial of Service via IPT_SO_SET_REPLACE Out-of-Bounds Read
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.
CVSS 7.1
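The three IPT_SO_SET_REPLACE entries above share one root cause: a ruleset blob copied from userspace carries per-entry offsets (target_offset, next_offset) that the kernel used before checking them against the blob and the entry. The following is an added userland model, not kernel code, that shows the trusting read beside the kind of offset validation the fixed kernels apply. The struct layouts, the 32-byte blob, the offsets used and the "SECRET" bytes placed after the blob are all constructed for this example.

```c
/* Added example: userland model of an iptables-style ruleset blob walk.
 * Layouts, sizes and sample data are constructed; this is not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

struct entry_hdr {          /* stand-in for struct ipt_entry */
    uint16_t target_offset; /* entry start -> its target record */
    uint16_t next_offset;   /* entry start -> next entry (== entry size) */
};

struct target_hdr {         /* stand-in for struct xt_entry_target */
    uint16_t target_size;   /* size of the whole target record */
    char     name[6];
};

#define BLOB_LEN 32
/* Arena: the blob occupies the first BLOB_LEN bytes; what follows models a
 * neighbouring heap object that an out-of-bounds read would expose. */
static uint8_t arena[64];

static void build_arena(uint16_t target_offset, uint16_t next_offset)
{
    struct entry_hdr  e = { target_offset, next_offset };
    struct target_hdr t = { sizeof(struct target_hdr), "DROP" };
    memset(arena, 0, sizeof arena);
    memcpy(arena, &e, sizeof e);
    memcpy(arena + sizeof e, &t, sizeof t);     /* the legitimate target at offset 4 */
    memcpy(arena + BLOB_LEN + 4, "SECRET", 6);  /* constructed neighbour data */
}

/* Trusting read, modelled on the pre-fix behaviour: target_offset is used as-is. */
static int read_target_trusting(const uint8_t *blob, size_t blob_len, struct target_hdr *out)
{
    struct entry_hdr e;
    if (blob_len < sizeof e) return -1;
    memcpy(&e, blob, sizeof e);
    memcpy(out, blob + e.target_offset, sizeof *out); /* never compared to blob_len */
    return 0;
}

/* Offset validation of the kind the fixed kernels perform before any use:
 * the entry must lie inside the blob and the target must lie inside the entry. */
static int check_entry_offsets(const uint8_t *blob, size_t blob_len, size_t off)
{
    struct entry_hdr e;
    struct target_hdr t;
    if (off % 4 != 0 || off + sizeof e > blob_len) return -1;
    memcpy(&e, blob + off, sizeof e);
    if (e.next_offset < sizeof e + sizeof t) return -1;                 /* cannot hold a target */
    if (off + e.next_offset > blob_len) return -1;                       /* entry overruns blob */
    if (e.target_offset < sizeof e) return -1;                           /* target inside header */
    if ((size_t)e.target_offset + sizeof t > e.next_offset) return -1;   /* target header past entry */
    memcpy(&t, blob + off + e.target_offset, sizeof t);
    if (t.target_size < sizeof t) return -1;
    if ((size_t)e.target_offset + t.target_size > e.next_offset) return -1; /* target data past entry */
    return 0;
}

static int read_target_checked(const uint8_t *blob, size_t blob_len, struct target_hdr *out)
{
    struct entry_hdr e;
    if (check_entry_offsets(blob, blob_len, 0) != 0) return -1;
    memcpy(&e, blob, sizeof e);
    memcpy(out, blob + e.target_offset, sizeof *out);
    return 0;
}

/* 0 if the checked path accepts a blob built from these offsets, -1 if it rejects it. */
int checked_accepts(uint16_t target_offset, uint16_t next_offset)
{
    struct target_hdr t;
    build_arena(target_offset, next_offset);
    return read_target_checked(arena, BLOB_LEN, &t);
}

/* 1 if the trusting path returns the neighbour's bytes as the target name. */
int trusting_leaks(uint16_t target_offset, uint16_t next_offset)
{
    struct target_hdr t;
    build_arena(target_offset, next_offset);
    if (read_target_trusting(arena, BLOB_LEN, &t) != 0) return 0;
    return memcmp(t.name, "SECRET", 6) == 0;
}

int main(void)
{
    printf("well-formed (4,12): checked=%d\n", checked_accepts(4, 12));
    printf("target past blob (34,12): checked=%d leak=%d\n",
           checked_accepts(34, 12), trusting_leaks(34, 12));
    printf("entry past blob (4,40): checked=%d\n", checked_accepts(4, 40));
    return 0;
}
```

A target_offset of 34 with a next_offset of 12 looks like a 12-byte entry but points the target read 2 bytes past the blob; the trusting path hands back the neighbour's bytes, the checked path rejects the entry because the target header does not fit inside it. A next_offset of 40 is rejected because the entry would overrun the 32-byte blob. The check function takes the entry offset as a parameter so the same validation can be applied while walking every entry of a multi-entry blob.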
CVE-2023-5972 (HIGH, writeup)
Linux Kernel 6.2.1-6.5.9 - Null Pointer Dereference in netfilter nft_inner.c
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
CVSS 7.0
CVE-2012-1577 (CRITICAL, writeup)
dietlibc - Weak PRNG Seed Handling
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVSS 9.8
CVE-2015-1465 (writeup)
Linux Kernel 3.10.50-3.10.69 - Denial of Service via IPv4 RCU Grace Period Mismanagement
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.
CVE-2016-9755 (HIGH, writeup)
Linux Kernel < 4.8.15 - Out-of-bounds Write in IPv6 Reassembly
The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.
CVSS 7.8
CVE-2018-1065 (MEDIUM, writeup)
Linux Kernel <= 4.15.7 - Denial of Service via Netfilter Rule Blob NULL Pointer Dereference
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
CVSS 4.7
CVE-2018-1068 (MEDIUM, writeup)
Linux Kernel < 3.2.102 - Memory Corruption via 32-bit Syscall Bridging
A flaw was found in the Linux 4.x kernel's 32-bit (compat) syscall interface for bridging (ebtables). It allowed a privileged user to write arbitrarily to a limited range of kernel memory.
CVSS 6.7
CVE-2023-1095 (MEDIUM, writeup)
Linux Kernel < 6.0 - NULL Pointer Dereference in nf_tables_updtable Error Path
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list, so its list head is still all zeroes and list_del() dereferences NULL.
CVSS 5.5
CVE-2005-0199 (CRITICAL, Exploit-DB, working PoC in C)
ngIRCd < 0.8.2 - Remote Denial of Service and Possible Code Execution via MODE Line Integer Underflow
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.
CVSS 9.8
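The ngIRCd entry describes a length calculation that underflows on a long MODE line and turns a bounded copy into an unbounded one. The block below is an added, generic model of that bug class beside a bounded version; it is not ngIRCd's lists.c. The mask layout (nick, "!*@", host), MASK_LEN, the arena with its canary bytes and the sample patterns are all constructed for this example.

```c
/* Added example: "remaining space" integer underflow, modelled generically.
 * Not ngIRCd code; MASK_LEN, the arena and the patterns are constructed. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MASK_LEN  16   /* logical capacity of the mask buffer */
#define ARENA_LEN 64   /* real storage, so the overrun stays observable */

/* Vulnerable shape: the nick part is copied first, then the space left for the
 * "!*@host" suffix is derived by subtraction. When nick_len exceeds cap, the
 * size_t subtraction wraps to a huge value and strncat is effectively unbounded.
 * Returns the bound that was handed to strncat. */
static size_t make_mask_vuln(char *out, size_t cap, const char *pattern)
{
    const char *at = strchr(pattern, '@');
    size_t nick_len = at ? (size_t)(at - pattern) : strlen(pattern);
    size_t room;

    memcpy(out, pattern, nick_len);       /* already past cap if nick_len > cap */
    out[nick_len] = '\0';
    room = cap - nick_len;                /* integer underflow for nick_len > cap */
    strncat(out, "!*@", room);
    strncat(out, at ? at + 1 : "*", room);
    return room;
}

/* Fixed shape: refuse before writing anything if the result does not fit,
 * and never subtract a user-controlled length from the capacity unchecked. */
static int make_mask_safe(char *out, size_t cap, const char *pattern)
{
    const char *at = strchr(pattern, '@');
    size_t nick_len = at ? (size_t)(at - pattern) : strlen(pattern);
    const char *host = at ? at + 1 : "*";
    size_t host_len = strlen(host);

    if (nick_len > cap || 3 + host_len + 1 > cap - nick_len) return -1; /* cannot wrap */
    memcpy(out, pattern, nick_len);
    memcpy(out + nick_len, "!*@", 3);
    memcpy(out + nick_len + 3, host, host_len + 1);
    return 0;
}

static char arena[ARENA_LEN];

static void reset_arena(void)
{
    memset(arena, 'C', ARENA_LEN);      /* 'C' bytes act as the canary past MASK_LEN */
    arena[ARENA_LEN - 1] = '\0';
}

/* 1 if the vulnerable routine was handed a wrapped bound and wrote past MASK_LEN. */
int vuln_overruns(const char *pattern)
{
    size_t room;
    reset_arena();
    room = make_mask_vuln(arena, MASK_LEN, pattern);
    return room > MASK_LEN && arena[MASK_LEN] != 'C';
}

/* Return value of the safe routine; -2 if it ever touched the canary. */
int safe_result(const char *pattern)
{
    int rc;
    reset_arena();
    rc = make_mask_safe(arena, MASK_LEN, pattern);
    if (rc == 0 && arena[MASK_LEN] != 'C') return -2;
    return rc;
}

int main(void)
{
    const char *ok  = "nick@host";
    const char *bad = "AAAAAAAAAAAAAAAAAAAA@host"; /* 20-byte nick, longer than MASK_LEN */
    printf("%s: vuln overrun=%d safe rc=%d\n", ok, vuln_overruns(ok), safe_result(ok));
    printf("%s: vuln overrun=%d safe rc=%d\n", bad, vuln_overruns(bad), safe_result(bad));
    return 0;
}
```

With the 20-byte nick, `cap - nick_len` wraps to SIZE_MAX - 3, so strncat copies the whole suffix past the 16-byte capacity; the arena keeps that write observable instead of crashing. The safe variant compares lengths before any copy and orders the comparison so that the subtraction itself cannot wrap.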