Vulnerability-Lookup

CVE-2016-8666 (GCVE-0-2016-8666)

Vulnerability from cvelistv5 – Published: 2016-10-16 21:00 – Updated: 2024-08-06 02:27

Summary

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.

Severity ?

No CVSS data available.

CWE

Assigner

microfocus

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2016-2107.html	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0372	vendor-advisoryx_refsource_REDHAT
	https://bto.bluecoat.com/security-advisory/sa134	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93562	vdb-entryx_refsource_BID
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2047.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2110.html	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2016/1…	mailing-listx_refsource_MLIST
	https://github.com/torvalds/linux/commit/fac8e0f5…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0004.html	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1384991	x_refsource_CONFIRM
	https://bugzilla.suse.com/show_bug.cgi?id=1001486	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:2107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
          },
          {
            "name": "RHSA-2017:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0372"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa134"
          },
          {
            "name": "93562",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93562"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
          },
          {
            "name": "RHSA-2016:2047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
          },
          {
            "name": "RHSA-2016:2110",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
          },
          {
            "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
          },
          {
            "name": "RHSA-2017:0004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:16:08.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "RHSA-2016:2107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
        },
        {
          "name": "RHSA-2017:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0372"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa134"
        },
        {
          "name": "93562",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93562"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
        },
        {
          "name": "RHSA-2016:2047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
        },
        {
          "name": "RHSA-2016:2110",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
        },
        {
          "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
        },
        {
          "name": "RHSA-2017:0004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-8666",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:2107",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
            },
            {
              "name": "RHSA-2017:0372",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0372"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa134",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa134"
            },
            {
              "name": "93562",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93562"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
            },
            {
              "name": "RHSA-2016:2047",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
            },
            {
              "name": "RHSA-2016:2110",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
            },
            {
              "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
            },
            {
              "name": "RHSA-2017:0004",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-8666",
    "datePublished": "2016-10-16T21:00:00.000Z",
    "dateReserved": "2016-10-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:27:41.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2017-AVI-016

Vulnerability from certfr_avis - Published: 2017-01-18 - Updated: 2017-01-18

De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP2
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour Raspberry Pi 12-SP2
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE	SUSE Linux Enterprise Desktop	SUSE Linux Enterprise Desktop 12-SP2
SUSE	N/A	SUSE Linux Enterprise Software Development Kit 12-SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2017:0181-1 du 17 janvier 2017	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2017:0181-1 du 17 janvier 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Server 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour Raspberry Pi 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 12-SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Desktop 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Desktop",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Software Development Kit 12-SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-7917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7917"
    },
    {
      "name": "CVE-2016-7913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
    },
    {
      "name": "CVE-2016-9793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
    },
    {
      "name": "CVE-2015-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
    },
    {
      "name": "CVE-2016-7425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7425"
    },
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2016-9919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9919"
    },
    {
      "name": "CVE-2016-9083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9083"
    },
    {
      "name": "CVE-2016-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7042"
    },
    {
      "name": "CVE-2016-8645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8645"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2015-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
    },
    {
      "name": "CVE-2016-9084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9084"
    }
  ],
  "initial_release_date": "2017-01-18T00:00:00",
  "last_revision_date": "2017-01-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0181-1 du 17 janvier    2017",
      "url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170181-1.html"
    }
  ],
  "reference": "CERTFR-2017-AVI-016",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0181-1 du 17 janvier 2017",
      "url": null
    }
  ]
}

CERTFR-2021-AVI-669

Vulnerability from certfr_avis - Published: 2021-09-01 - Updated: 2021-09-01

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021	None	vendor-advisory
Bulletin de sécurité Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2012-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2018-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
    },
    {
      "name": "CVE-2017-7618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2010-4805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2017-11176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
    },
    {
      "name": "CVE-2016-4997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2021-39279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
    },
    {
      "name": "CVE-2021-39278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
    },
    {
      "name": "CVE-2012-6638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
    },
    {
      "name": "CVE-2014-2523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
    },
    {
      "name": "CVE-2016-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
    },
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2011-0709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2014-3512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
    },
    {
      "name": "CVE-2012-3552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
    },
    {
      "name": "CVE-2012-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
    },
    {
      "name": "CVE-2017-1000111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
    },
    {
      "name": "CVE-2019-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
    },
    {
      "name": "CVE-2012-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2016-8717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2016-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2014-9984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
    },
    {
      "name": "CVE-2009-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
    },
    {
      "name": "CVE-2015-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
    },
    {
      "name": "CVE-2012-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
    },
    {
      "name": "CVE-2014-9402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2016-7117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2014-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
    },
    {
      "name": "CVE-2017-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
    },
    {
      "name": "CVE-2016-7406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
    },
    {
      "name": "CVE-2013-7470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2012-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2010-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
    },
    {
      "name": "CVE-2016-2148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
    },
    {
      "name": "CVE-2010-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
    },
    {
      "name": "CVE-2010-1162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
    }
  ],
  "initial_release_date": "2021-09-01T00:00:00",
  "last_revision_date": "2021-09-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-669",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
    }
  ]
}

CERTFR-2016-AVI-402

Vulnerability from certfr_avis - Published: 2016-12-09 - Updated: 2016-12-09

De multiples vulnérabilités ont été corrigées dans les produits BlueCoat. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité BlueCoat SA134 du 08 décembre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDe multiples produits sont impact\u00e9s. Se r\u00e9f\u00e9rer au bulletin de  l\u0027\u00e9diteur pour la liste exhaustive des produits.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2016-9555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2016-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
    }
  ],
  "initial_release_date": "2016-12-09T00:00:00",
  "last_revision_date": "2016-12-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-402",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits BlueCoat\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits BlueCoat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BlueCoat SA134 du 08 d\u00e9cembre 2016",
      "url": "https://bto.bluecoat.com/security-advisory/sa134"
    }
  ]
}

CERTFR-2016-AVI-362

Vulnerability from certfr_avis - Published: 2016-10-26 - Updated: 2016-10-26

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-LTSS
SUSE	N/A	SUSE Linux Enterprise Point of Sale 11-SP3
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12
SUSE	N/A	SUSE Manager 2.1
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP 12
SUSE	N/A	SUSE Linux Enterprise Debuginfo 11-SP3
SUSE	N/A	SUSE OpenStack Cloud 5
SUSE	SUSE Manager Proxy	SUSE Manager Proxy 2.1
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 11-EXTRA

References

Title

Publication Time

Tags

Bulletin de sécurité Suse suse-su-20162632-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162637-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162635-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162636-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162638-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162629-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162614-1 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162630-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162633-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162634-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162631-1 du 25 octobre 2016	None	vendor-advisory
Bulletin de sécurité Suse suse-su-20162633-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162630-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162614-1 du 24 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162635-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162636-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162638-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162629-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162632-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162634-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162637-1 du 25 octobre 2016	-	other
Bulletin de sécurité Suse suse-su-20162631-1 du 25 octobre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Server 12-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Point of Sale 11-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager 2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP 12",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Debuginfo 11-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE OpenStack Cloud 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Proxy 2.1",
      "product": {
        "name": "SUSE Manager Proxy",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 11-EXTRA",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2016-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
    }
  ],
  "initial_release_date": "2016-10-26T00:00:00",
  "last_revision_date": "2016-10-26T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162633-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162633-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162630-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162630-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162614-1 du 24 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162614-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162635-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162635-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162636-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162636-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162638-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162638-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162629-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162629-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162632-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162632-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162634-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162634-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162637-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162637-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162631-1 du 25 octobre    2016",
      "url": "https://www.suse.com//support/update/announcement/2016/suse-su-20162631-1.html"
    }
  ],
  "reference": "CERTFR-2016-AVI-362",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162632-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162637-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162635-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162636-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162638-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162629-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162614-1 du 24 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162630-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162633-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162634-1 du 25 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20162631-1 du 25 octobre 2016",
      "url": null
    }
  ]
}

CNVD-2016-09541

Vulnerability from cnvd - Published: 2016-10-20

Title

Linux kernel IP栈拒绝服务漏洞

Description

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。 Linux kernel 4.5.7及之前的版本中的IP stack存在安全漏洞。远程攻击者可利用该漏洞造成拒绝服务。

Severity

高

Patch Name

Linux kernel IP栈拒绝服务漏洞的补丁

Patch Description

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。 Linux kernel 4.5.7及之前的版本中的IP stack存在安全漏洞。远程攻击者可利用该漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1384991 http://www.openwall.com/lists/oss-security/2016/10/13/11

Impacted products

Name
Linux Kernel <=4.5.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8666"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 4.5.7\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684IP stack\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Marcus Meissner",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09541",
  "openTime": "2016-10-20",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 4.5.7\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684IP stack\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel IP\u6808\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel \u003c=4.5.7"
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991\r\nhttp://www.openwall.com/lists/oss-security/2016/10/13/11",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-18",
  "title": "Linux kernel IP\u6808\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2016-8666

Vulnerability from fkie_nvd - Published: 2016-10-16 21:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security@opentext.com	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
	security@opentext.com	http://rhn.redhat.com/errata/RHSA-2016-2047.html
	security@opentext.com	http://rhn.redhat.com/errata/RHSA-2016-2107.html
	security@opentext.com	http://rhn.redhat.com/errata/RHSA-2016-2110.html
	security@opentext.com	http://rhn.redhat.com/errata/RHSA-2017-0004.html
	security@opentext.com	http://www.openwall.com/lists/oss-security/2016/10/13/11
	security@opentext.com	http://www.securityfocus.com/bid/93562
	security@opentext.com	https://access.redhat.com/errata/RHSA-2017:0372
	security@opentext.com	https://bto.bluecoat.com/security-advisory/sa134
	security@opentext.com	https://bugzilla.redhat.com/show_bug.cgi?id=1384991
	security@opentext.com	https://bugzilla.suse.com/show_bug.cgi?id=1001486
	security@opentext.com	https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971
	af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2047.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2107.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2110.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2017-0004.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/10/13/11
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93562
	af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:0372
	af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa134
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1384991
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.suse.com/show_bug.cgi?id=1001486
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94939292-97B9-46BE-BF06-57D0DB7A8904",
              "versionEndExcluding": "3.16.35",
              "versionStartIncluding": "3.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A82714-1C53-498D-94AA-DE9F6B577522",
              "versionEndExcluding": "3.18.47",
              "versionStartIncluding": "3.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "755C626E-7669-4E6E-BC91-2656E4740E66",
              "versionEndExcluding": "4.1.38",
              "versionStartIncluding": "3.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23F7205-D265-429A-ACA9-F0FDAA8615A1",
              "versionEndExcluding": "4.4.29",
              "versionStartIncluding": "4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "628AFDA5-6C82-4DB8-8280-D1D7C58BBFE7",
              "versionEndExcluding": "4.6",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
    },
    {
      "lang": "es",
      "value": "La pila IP en el kernel de Linux en versiones anteriores a 4.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de pila y p\u00e1nico) o tener otro posible impacto no especificado desencadenando uso de la ruta GRO para paquetes con apilamiento en t\u00fanel, como se demuestra por cabeceras IPv4 y cabeceras GRE intercaladas, un problema relacionado con CVE-2016-7039."
    }
  ],
  "id": "CVE-2016-8666",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-16T21:59:15.523",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
    },
    {
      "source": "security@opentext.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.securityfocus.com/bid/93562"
    },
    {
      "source": "security@opentext.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:0372"
    },
    {
      "source": "security@opentext.com",
      "url": "https://bto.bluecoat.com/security-advisory/sa134"
    },
    {
      "source": "security@opentext.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
    },
    {
      "source": "security@opentext.com",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
    },
    {
      "source": "security@opentext.com",
      "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:0372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bto.bluecoat.com/security-advisory/sa134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-8666

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8666

Aliases

CVE-2016-8666

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8666",
    "description": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.",
    "id": "GSD-2016-8666",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-8666.html",
      "https://access.redhat.com/errata/RHSA-2017:0372",
      "https://access.redhat.com/errata/RHSA-2017:0004",
      "https://access.redhat.com/errata/RHSA-2016:2110",
      "https://access.redhat.com/errata/RHSA-2016:2107",
      "https://access.redhat.com/errata/RHSA-2016:2047",
      "https://advisories.mageia.org/CVE-2016-8666.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-8666.html",
      "https://linux.oracle.com/cve/CVE-2016-8666.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8666"
      ],
      "details": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.",
      "id": "GSD-2016-8666",
      "modified": "2023-12-13T01:21:22.473225Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "ID": "CVE-2016-8666",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2016:2107",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
          },
          {
            "name": "RHSA-2017:0372",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:0372"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa134",
            "refsource": "CONFIRM",
            "url": "https://bto.bluecoat.com/security-advisory/sa134"
          },
          {
            "name": "93562",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93562"
          },
          {
            "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
          },
          {
            "name": "RHSA-2016:2047",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
          },
          {
            "name": "RHSA-2016:2110",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
          },
          {
            "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
          },
          {
            "name": "RHSA-2017:0004",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
          },
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6",
                "versionStartIncluding": "4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.16.35",
                "versionStartIncluding": "3.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.18.47",
                "versionStartIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.38",
                "versionStartIncluding": "3.19",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.29",
                "versionStartIncluding": "4.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2016-8666"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
            },
            {
              "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
            },
            {
              "name": "93562",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93562"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa134",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa134"
            },
            {
              "name": "RHSA-2017:0004",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
            },
            {
              "name": "RHSA-2017:0372",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0372"
            },
            {
              "name": "RHSA-2016:2110",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
            },
            {
              "name": "RHSA-2016:2107",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
            },
            {
              "name": "RHSA-2016:2047",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-17T21:36Z",
      "publishedDate": "2016-10-16T21:59Z"
    }
  }
}

GHSA-59G9-3M7P-CH4F

Vulnerability from github – Published: 2022-05-14 03:55 – Updated: 2022-05-14 03:55

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-16T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.",
  "id": "GHSA-59g9-3m7p-ch4f",
  "modified": "2022-05-14T03:55:20Z",
  "published": "2022-05-14T03:55:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8666"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:0372"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa134"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93562"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8666 (GCVE-0-2016-8666)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature