Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Linux kernel‘rose_parse_ccitt’函数缓冲区错误漏洞
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux kernel 2.6.39之前版本中的net/rose/rose_subr.c中的rose_parse_ccitt函数中存在漏洞,该漏洞源于未验证FAC_CCITT_DEST_NSAP和FAC_CCITT_SRC_NSAP域。远程攻击者可利用该漏洞通过(1)小量长度值数据发送到ROSE套接字导致拒绝服务(整数溢出,堆内存破坏和恐慌),
CVSS Information
N/A
Vulnerability Type
N/A