CVE-2017-2634
HIGHLinux Kernel < 2.6.22.17 - Memory Corruption in DCCP IPv6 Header Handling
Title source: llmDescription
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0323.html
Patch, Third Party Advisory x_refsource_confirm
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0347.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037909
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0346.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96529
Scores
CVSS v3
7.5
EPSS
0.0518
EPSS Percentile
91.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-476
Status
published
Products (6)
linux/linux_kernel
< 2.6.22.17
redhat/enterprise_linux_desktop
5.0
redhat/enterprise_linux_server
5.0
redhat/enterprise_linux_server_aus
5.6
redhat/enterprise_linux_server_aus
5.9
redhat/enterprise_linux_workstation
5.0
Published
Jul 27, 2018
Tracked Since
Feb 18, 2026