CVE-2013-7470
MEDIUMLinux Kernel < 3.11.7 - Denial of Service via CIPSO IP Validation Infinite Loop
Title source: llmDescription
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K21914362
Various Sources x_refsource_misc
https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40
Scores
CVSS v3
5.9
EPSS
0.0254
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
linux/linux_kernel
< 3.11.7
Published
Apr 23, 2019
Tracked Since
Feb 18, 2026