CVE-2008-2136

CVSS v2.0 7.8 (High)

EPSS 89.88 % (99^th)

Affected Products 3

Advisories 3

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

Weaknesses

CWE-399: Resource Management Errors

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2008-05-16 12:54:00
(16 years ago)
Updated Date: 2018-10-31 18:55:32
(5 years ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel from 2.4.0 version and prior 2.4.36.5 version	cpe:2.3:o:linux:linux_kernel	>= 2.4.0	< 2.4.36.5
	Linux Kernel from 2.6.0 version and prior 2.6.25.3 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.0	< 2.6.25.3

Configuration #2

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::*:lts
	Canonical Ubuntu Linux 7.04	cpe:2.3:o:canonical:ubuntu_linux:7.04
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:lts

Weaknesses

Affected Products

Canonical

Debian

Linux

Configuration #1

Configuration #2

Configuration #3