Florian Westphal

8 exploits. Active since May 2005.
CVE-2012-1577 WRITEUP CRITICAL WRITEUP
OpenBSD - Info Disclosure
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVSS 9.8
CVE-2015-1465 WRITEUP WRITEUP
Linux kernel <3.18.8 - DoS
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.
CVE-2016-9755 WRITEUP HIGH WRITEUP
Linux Kernel < 4.8.15 - Out-of-Bounds Write
The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.
CVSS 7.8
CVE-2018-1065 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.15.7 - NULL Pointer Dereference
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
CVSS 4.7
CVE-2018-1068 WRITEUP MEDIUM WRITEUP
Linux Kernel < 3.2.102 - Out-of-Bounds Write
A flaw was found in the Linux 4.x kernel's implementation of the 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVSS 6.7
CVE-2023-1095 WRITEUP MEDIUM WRITEUP
Linux Kernel < 6.0 - NULL Pointer Dereference
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list, so the list head is all zeroes, which results in a NULL pointer dereference.
CVSS 5.5
CVE-2023-5972 WRITEUP HIGH WRITEUP
Linux Kernel < 6.5.10 - NULL Pointer Dereference
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
CVSS 7.0
CVE-2005-0199 EXPLOITDB CRITICAL c WORKING POC
Barton Ngircd < 0.8.2 - Integer Underflow
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.
CVSS 9.8