CVE-2011-1093

CVSS v2.0 7.8 (High)

EPSS 2.71 % (91^th)

Affected Products 6

Advisories 15

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2011-07-18 22:55:00
(13 years ago)
Updated Date: 2023-02-13 01:18:57
(19 months ago)

Affected Products

Linux

Linux Kernel

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 2.6.38 version	cpe:2.3:o:linux:linux_kernel		< 2.6.38

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux Aus 5.6	cpe:2.3:o:redhat:enterprise_linux_aus:5.6
	Redhat Enterprise Linux Desktop 5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
	Redhat Enterprise Linux Eus 5.6	cpe:2.3:o:redhat:enterprise_linux_eus:5.6
	Redhat Enterprise Linux Server 5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0
	Redhat Enterprise Linux Workstation 5.0	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0