Vulnerability-Lookup

CVE-2012-0207 (GCVE-0-2012-0207)

Vulnerability from cvelistv5 – Published: 2012-05-17 10:00 – Updated: 2024-09-16 19:41

Summary

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

Severity ?

No CVSS data available.

CWE

Assigner

debian

References

URL

Tags

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/25c413ad…	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/a8c1f65c…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=772867	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/01/10/5	mailing-listx_refsource_MLIST
	http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:16:20.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
          },
          {
            "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-05-17T10:00:00.000Z",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
        },
        {
          "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-0207",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772867",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
            },
            {
              "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-0207",
    "datePublished": "2012-05-17T10:00:00.000Z",
    "dateReserved": "2011-12-14T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:41:17.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-6Q5H-Q7W3-MF7C

Vulnerability from github – Published: 2022-05-04 00:28 – Updated: 2025-04-11 03:57

Details

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-17T11:00:00Z",
    "severity": "HIGH"
  },
  "details": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.",
  "id": "GHSA-6q5h-q7w3-mf7c",
  "modified": "2025-04-11T03:57:43Z",
  "published": "2022-05-04T00:28:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0207"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2021-AVI-669

Vulnerability from certfr_avis - Published: 2021-09-01 - Updated: 2021-09-01

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021	None	vendor-advisory
Bulletin de sécurité Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2012-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2018-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
    },
    {
      "name": "CVE-2017-7618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2010-4805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2017-11176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
    },
    {
      "name": "CVE-2016-4997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2021-39279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
    },
    {
      "name": "CVE-2021-39278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
    },
    {
      "name": "CVE-2012-6638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
    },
    {
      "name": "CVE-2014-2523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
    },
    {
      "name": "CVE-2016-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
    },
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2011-0709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2014-3512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
    },
    {
      "name": "CVE-2012-3552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
    },
    {
      "name": "CVE-2012-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
    },
    {
      "name": "CVE-2017-1000111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
    },
    {
      "name": "CVE-2019-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
    },
    {
      "name": "CVE-2012-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2016-8717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2016-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2014-9984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
    },
    {
      "name": "CVE-2009-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
    },
    {
      "name": "CVE-2015-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
    },
    {
      "name": "CVE-2012-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
    },
    {
      "name": "CVE-2014-9402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2016-7117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2014-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
    },
    {
      "name": "CVE-2017-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
    },
    {
      "name": "CVE-2016-7406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
    },
    {
      "name": "CVE-2013-7470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2012-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2010-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
    },
    {
      "name": "CVE-2016-2148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
    },
    {
      "name": "CVE-2010-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
    },
    {
      "name": "CVE-2010-1162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
    }
  ],
  "initial_release_date": "2021-09-01T00:00:00",
  "last_revision_date": "2021-09-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-669",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
    }
  ]
}

CERTA-2012-AVI-479

Vulnerability from certfr_avis - Published: 2012-09-03 - Updated: 2012-09-03

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :

Java Runtime Environment (JRE) ;
OpenSSL ;
le noyau ;
Perl ;
libxml2 ;
glibc ;
GnuTLS ;
popt et rpm ;
Apache struts.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ESX version 4.1 ;
VMware	N/A	VMware vCO version 4.0.
VMware	N/A	VMware vCenter version 5.0 ;
VMware	N/A	VMware vCOps version 1.0.x ;
VMware	ESXi	VMware ESXi version 3.5 ;
VMware	N/A	VMware Update Manager version 5.0 ;
VMware	N/A	VMware Update Manager version 4.0 ;
VMware	N/A	VMware vCO version 4.1 ;
VMware	ESXi	VMware ESXi version 4.1 ;
VMware	N/A	VMware vCenter version 4.0 ;
VMware	N/A	VMware vCenter version 4.1 ;
VMware	N/A	VMware vCOps version 5.0.2 ;
VMware	ESXi	VMware ESXi version 4.0 ;
VMware	N/A	VMware VirtualCenter version 2.5 ;
VMware	N/A	VMware Update Manager version 4.1 ;
VMware	ESXi	VMware ESXi version 5.0 ;
VMware	N/A	VMware ESX version 4.0 ;
VMware	N/A	VMware ESX version 3.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2012-0013 du 30 août 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCO version 4.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCOps version 1.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 3.5 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCO version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCOps version 5.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter version 2.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 5.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1833"
    },
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2011-4132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4132"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2011-5057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5057"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2011-2496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2496"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2012-1569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
    },
    {
      "name": "CVE-2011-4324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4324"
    },
    {
      "name": "CVE-2011-4110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4110"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2012-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
    },
    {
      "name": "CVE-2010-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
    },
    {
      "name": "CVE-2012-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0060"
    },
    {
      "name": "CVE-2012-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
    },
    {
      "name": "CVE-2011-4325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4325"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2012-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0061"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2012-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
    },
    {
      "name": "CVE-2011-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3209"
    },
    {
      "name": "CVE-2010-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
    },
    {
      "name": "CVE-2012-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0392"
    },
    {
      "name": "CVE-2012-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
    },
    {
      "name": "CVE-2012-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0815"
    },
    {
      "name": "CVE-2011-3188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
    },
    {
      "name": "CVE-2011-1020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1020"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2012-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
    },
    {
      "name": "CVE-2011-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4128"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2484"
    },
    {
      "name": "CVE-2012-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0393"
    },
    {
      "name": "CVE-2011-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
    },
    {
      "name": "CVE-2011-3363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3363"
    },
    {
      "name": "CVE-2011-2699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2699"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    }
  ],
  "initial_release_date": "2012-09-03T00:00:00",
  "last_revision_date": "2012-09-03T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-479",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n-   Java Runtime Environment (JRE) ;\n-   OpenSSL ;\n-   le noyau ;\n-   Perl ;\n-   libxml2 ;\n-   glibc ;\n-   GnuTLS ;\n-   popt et rpm ;\n-   Apache struts.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html"
    }
  ]
}

GSD-2012-0207

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

Aliases

CVE-2012-0207

Aliases

CVE-2012-0207

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0207",
    "description": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.",
    "id": "GSD-2012-0207",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-0207.html",
      "https://access.redhat.com/errata/RHSA-2012:0422",
      "https://access.redhat.com/errata/RHSA-2012:0350",
      "https://access.redhat.com/errata/RHSA-2012:0333",
      "https://access.redhat.com/errata/RHSA-2012:0168",
      "https://access.redhat.com/errata/RHSA-2012:0107",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-0207.html",
      "https://linux.oracle.com/cve/CVE-2012-0207.html",
      "https://packetstormsecurity.com/files/cve/CVE-2012-0207"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0207"
      ],
      "details": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.",
      "id": "GSD-2012-0207",
      "modified": "2023-12-13T01:20:13.295302Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@debian.org",
        "ID": "CVE-2012-0207",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1",
            "refsource": "CONFIRM",
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772867",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
          },
          {
            "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1.9",
                "versionStartIncluding": "3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.1",
                "versionStartIncluding": "3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-0207"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-369"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772867",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-17T21:31Z",
      "publishedDate": "2012-05-17T11:00Z"
    }
  }
}

FKIE_CVE-2012-0207

Vulnerability from fkie_nvd - Published: 2012-05-17 11:00 - Updated: 2025-04-11 00:51

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

References

URL	Tags
security@debian.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876	Exploit, Mailing List, Third Party Advisory
security@debian.org	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27
security@debian.org	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1	Mailing List, Patch, Vendor Advisory
security@debian.org	http://www.openwall.com/lists/oss-security/2012/01/10/5	Mailing List, Third Party Advisory
security@debian.org	https://bugzilla.redhat.com/show_bug.cgi?id=772867	Issue Tracking, Patch, Third Party Advisory
security@debian.org	https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b	Patch, Third Party Advisory
security@debian.org	https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/01/10/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=772867	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
redhat	enterprise_linux_eus	5.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24C14F0-9C07-48BD-9DE9-DDDCB2020217",
              "versionEndExcluding": "3.0.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5CAB3C0-5A93-497E-AE01-9B544D838350",
              "versionEndExcluding": "3.1.9",
              "versionStartIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1D67D09-E7BB-4138-91FD-10D3400EB2D7",
              "versionEndExcluding": "3.2.1",
              "versionStartIncluding": "3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n de igmp_heard_query net/ipv4/igmp.c en el kernel de Linux en versiones anteriores a la v3.2.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y el \"kernel panic\") a trav\u00e9s de paquetes IGMP."
    }
  ],
  "id": "CVE-2012-0207",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2012-05-17T11:00:36.617",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
    },
    {
      "source": "security@debian.org",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0207 (GCVE-0-2012-0207)

GHSA-6Q5H-Q7W3-MF7C

CERTFR-2021-AVI-669

Solution

CERTA-2012-AVI-479

Solution

GSD-2012-0207

FKIE_CVE-2012-0207

Tags

Sightings

Nomenclature